#!/usr/bin/env python
# © Copyright EnterpriseDB UK Limited 2015-2024 - All rights reserved.

import argparse
import os
import sys
from posixpath import basename, join

from ansible.cli import CLI
from ansible.errors import AnsibleFileNotFound
from ansible.parsing.dataloader import DataLoader
from tpaexec.exceptions import PasswordReadError

from ansible import constants as C

prog = "show-password"
p = argparse.ArgumentParser(
    prog=prog,
    description="""
            Shows the password stored in the local inventory for the given user.
            """,
)
p.add_argument(
    "user",
    help="user name associated to the password",
)
p.add_argument(
    "--vault_password_file",
    help="path to vault password file",
)

args = vars(p.parse_args())

group_vars_dir = "inventory/group_vars"

if not (os.path.exists(group_vars_dir) and os.path.isdir(group_vars_dir)):
    sys.stderr.write("Failed to find inventory at " + group_vars_dir)
    sys.exit(1)

password_filename = args.get("user") + "_password"
for entry in os.listdir(group_vars_dir):
    if entry.startswith("tag_Cluster_"):
        password_file = os.path.join(
            group_vars_dir, entry, "secrets", password_filename + ".yml"
        )

try:
    loader = DataLoader()
    vault_secret = CLI.setup_vault_secrets(
        loader=loader,
        vault_ids=C.DEFAULT_VAULT_IDENTITY_LIST,
        vault_password_files=[args.get("vault_password_file")],
    )
except:
    raise PasswordReadError(
        f"vault_password_file: {args.get('vault_password_file')} not found"
    )

try:
    data = loader.load_from_file(password_file)
    print(data[password_filename])
except:
    raise PasswordReadError(
        f"password not found for {args.get('user')} at {password_file}")
