#!/usr/bin/env python
# © Copyright EnterpriseDB UK Limited 2015-2024 - All rights reserved.

import argparse
import os
import sys
from posixpath import basename, join

from ansible.cli import CLI
from ansible.parsing.dataloader import DataLoader
from ansible import constants as C

from tpaexec.exceptions import PasswordReadError

prog = "show-password"
p = argparse.ArgumentParser(
    prog=prog,
    description="""
            Shows the password stored in the local inventory for the given user.
            """,
)
p.add_argument(
    "user",
    help="user name associated to the password",
)
p.add_argument(
    "--vault_password_file",
    help="path to vault password file",
)

args = vars(p.parse_args())

group_vars_dir = "inventory/group_vars"

if not (os.path.exists(group_vars_dir) and os.path.isdir(group_vars_dir)):
    sys.stderr.write("Failed to find inventory at " + group_vars_dir)
    sys.exit(1)

password_filename = args.get("user") + "_password"
for entry in os.listdir(group_vars_dir):
    if entry.startswith("tag_Cluster_"):
        password_file = os.path.join(
            group_vars_dir, entry, "secrets", password_filename + ".yml"
        )

try:
    loader = DataLoader()
    vault_secret = CLI.setup_vault_secrets(
        loader=loader,
        vault_ids=C.DEFAULT_VAULT_IDENTITY_LIST,
        vault_password_files=[args.get("vault_password_file")],
    )
except:
    raise PasswordReadError(
        "vault_password_file: {} not found".format(args.get("vault_password_file"))
    )

try:
    data = loader.load_from_file(password_file)
    print(data[password_filename])
except:
    raise PasswordReadError(
        "password not found for {} at {}".format(args.get("user"), password_file)
    )
