#!/usr/bin/env python3

import argparse
import sys
from os import path

# Make the directory one level above the script's own directory importable
# (presumably where the apcommon/apsdk packages imported below live).
# The entry is appended, not prepended, so every path already on sys.path
# keeps precedence during module resolution.
_script_parent = '/'.join(sys.path[0].split("/")[:-1])
if _script_parent not in sys.path:
    sys.path.append(_script_parent)

from apcommon import dsmshelper
from apsdk import apenv


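def main(service, cluster, certpath, keypath, dns='', get_secret='', quiet=False):
    """Fetch secrets for a service from DSMS and print them to stdout.

    When ``get_secret`` is empty, the whole response returned by
    ``get_all_secrets()`` is printed and the process exits with status 0.
    Otherwise only the secret stored at that path is printed.

    Everything written to stdout is secret material. Diagnostics go to
    stderr and deliberately never include the DSMS response.

    Args:
        service: Service name handed to ``DsmsHelper``.
        cluster: Cluster name handed to ``DsmsHelper``.
        certpath: Client certificate path handed to ``DsmsHelper``.
        keypath: Client private-key path handed to ``DsmsHelper``.
        dns: DSMS DNS value handed to ``DsmsHelper``.
        get_secret: Path of the single secret to print; empty prints all.
        quiet: Accepted for CLI compatibility; not read by this function.

    Raises:
        SystemExit: status 0 after printing all secrets, status -1 when the
            secrets cannot be fetched or the requested secret cannot be
            extracted.
    """
    client = dsmshelper.DsmsHelper(service, dns, cluster, certpath, keypath, cli=True)

    # Get the secrets json
    try:
        resp = client.get_all_secrets()
    except Exception as e:
        print("Error obtaining secret: {0}".format(e), file=sys.stderr)
        # Stop here: without a response there is nothing to print, and
        # falling through would fail on the unbound `resp` below.
        sys.exit(-1)

    # If all secrets were requested, then print and exit
    if not get_secret:
        print(resp)
        sys.exit(0)

    # Sometimes path may contain trailing or leading "/"
    secret_path = get_secret.strip("/")

    # Parse the response and get the secret.
    try:
        dsms_response = dsmshelper.DsmsResponse(namespace="aplinux", response_json=resp)
        secret = dsms_response.get_secret(secret_path)
        # Print the secret to stdout
        print(secret)
    except Exception as e:
        # The response holds every secret for the service, so it is kept out
        # of the error text: stderr commonly ends up in logs, and a failed
        # lookup of one secret must not disclose all the others.
        print("Error obtaining secret: {0}".format(e), file=sys.stderr)
        sys.exit(-1)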


def get_cluster(args, parser):
    """Return the cluster name to use for the DSMS request.

    An explicit ``args.cluster`` is returned unchanged. When it is missing
    or empty, the name comes from ``apenv.get_cluster_name()`` and is
    lower-cased; if that lookup raises, the failure is reported through
    ``parser.error``.

    Args:
        args: Parsed arguments; only ``args.cluster`` is read.
        parser: Object whose ``error(message)`` reports a usage failure.

    Returns:
        The cluster name.
    """
    if args.cluster:
        return args.cluster

    # Nothing was passed in, so ask the environment.
    try:
        detected = apenv.get_cluster_name().lower()
    except Exception:
        parser.error("Could not find AP cluster. Pass in --cluster parameter.")
    return detected


def get_certs(args, parser):
    """Resolve the client certificate and private-key paths.

    ``args.cert_path`` and ``args.key_path`` are used only when both are
    supplied. If either one is missing, both paths are taken from
    ``apenv.get_machine_function_cert()`` instead, and a lookup failure is
    reported through ``parser.error``.

    Each resolved path must name an existing regular file. This is an
    existence check only; it does not verify that the file is readable or
    how its permissions are set.

    Args:
        args: Parsed arguments; ``cert_path`` and ``key_path`` are read.
        parser: Object whose ``error(message)`` reports a usage failure.

    Returns:
        A ``(client_cert, client_key)`` tuple of file paths.
    """
    if args.cert_path and args.key_path:
        client_cert, client_key = args.cert_path, args.key_path
    else:
        # At least one path is missing: fall back to the machine function certs.
        try:
            client_key, client_cert = apenv.get_machine_function_cert()
        except Exception:
            parser.error("Could not find AP Machine function certs. Pass in cert/key parameters.")

    # Certificate is checked first, then the key.
    if not path.isfile(client_cert):
        parser.error("Certificate file could not be found {0}".format(client_cert))

    if not path.isfile(client_key):
        parser.error("Key file could not be found {0}".format(client_key))

    return client_cert, client_key


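if __name__ == '__main__':
    # Command-line entry point: parse the options, resolve the client
    # credentials and the cluster, then fetch and print the secret(s).
    parser = argparse.ArgumentParser(description="Download secrets from DSMS.")
    # NOTE(review): --cluster is required, so the environment fallback in
    # get_cluster() is never reached from this CLI; confirm which is intended.
    parser.add_argument("-l", "--cluster", metavar="CLUSTER", required=True, help="machine cluster")
    parser.add_argument("-s", "--service", metavar="SERVICE", required=True, help="service name")
    parser.add_argument("-d", "--dsms-dns", metavar="DSMSDNS", help="DNS name of the DSMS endpoint")
    parser.add_argument("-c", "--cert-path", metavar="CERTPATH", help="certificate for client auth")
    parser.add_argument("-k", "--key-path", metavar="KEYPATH", help="private key for client auth")
    parser.add_argument("-o", "--get-only-secret", metavar="SECRETPATH", help="dsms path to secret")
    # NOTE(review): the help text describes verbose logging while the flag is
    # named --quiet, and main() does not read the value; confirm the intent.
    parser.add_argument(
        "-q",
        "--quiet",
        default=False,
        help='log descriptive output',
        action="store_true")

    args = parser.parse_args()

    # Validate and get client certs
    client_cert, client_key = get_certs(args, parser)

    # Resolve the cluster name
    cluster = get_cluster(args, parser)

    # Pass the paths get_certs() resolved and validated, not the raw CLI
    # values: when -c/-k are omitted the raw values are None and the machine
    # function certs found by get_certs() would otherwise be discarded.
    main(
        service=args.service,
        certpath=client_cert,
        keypath=client_key,
        cluster=cluster,
        dns=args.dsms_dns,
        get_secret=args.get_only_secret,
        quiet=args.quiet,
    )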
