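"""CoopHost module."""

from os import chdir, mkdir
from os.path import basename, exists
from pathlib import Path

import click

from autonomic.config import CONFIG_YAML, INFRA_DIR
from autonomic.logger import log
from autonomic.settings import add, get
from autonomic.utils import (
    ensure_config_dir,
    ensure_deploy_d_dir,
    input_ask,
    pass_ask,
    question_ask,
    run,
    yaml_dump,
    yaml_load,
)


@click.command()
@click.pass_context
def coophost(ctx):
    """Manage CoopHost resources.

    Prompts for an operation and dispatches to its handler. ``encrypt`` is
    the only operation offered.
    """
    ensure_config_dir()

    choices = ["encrypt"]
    operation = question_ask("operation", "Which operation?", choices)

    if operation == "encrypt":
        encrypt()


def encrypt():
    """Encrypt a secret for a CoopHost package.

    The application name is taken from the current directory name. The vault
    password is read from the stored settings for that application, or
    prompted for and then stored. The variable is encrypted with
    ``ansible-vault encrypt_string`` run from ``INFRA_DIR`` and the result is
    written to ``deploy.d/vault/<name>.yml`` in the application directory.

    Raises:
        click.ClickException: if the variable name cannot be used as a file
            name inside the vault directory, or if the ansible-vault output
            parses to nothing.
    """
    ensure_deploy_d_dir()

    app_dir = Path(".").absolute()
    app = basename(app_dir)

    log.info("Auto-detected the {} application".format(app))

    app_settings = get(app)
    if app_settings is not None and "vault-password" in app_settings:
        log.info("Using app vault password stored in {}".format(CONFIG_YAML))
        vault_password = app_settings["vault-password"]
    else:
        log.info("No app vault password configured")
        vault_password = pass_ask("Vault password?")
        log.info("App vault password stored in {}".format(CONFIG_YAML))
        # NOTE(review): this persists the vault password through add(); how
        # the settings file is written is not visible here. Confirm it is
        # created owner-readable only, since anyone who can read it can
        # decrypt every secret of this application.
        add({app: {"vault-password": vault_password}})

    name = input_ask("Which variable do you want to encrypt?")

    # The name becomes the file name under deploy.d/vault, so refuse values
    # that carry a directory component and would resolve outside of it.
    if not name or basename(name) != name or name in (".", ".."):
        raise click.ClickException(
            "Variable name must be a plain name without path separators"
        )

    value = pass_ask("Variable value to encrypt?")

    # NOTE(review): the plaintext value is passed as a command-line argument,
    # so it is visible in the process list for as long as ansible-vault runs.
    # ansible-vault encrypt_string can take the value on stdin
    # (--stdin-name) or interactively (--prompt) instead; switching needs
    # run() to feed stdin or answer the extra prompt, which is not visible
    # here. Also confirm run() does not log the command line.
    cmd = [".venv/bin/ansible-vault", "encrypt_string", "--name", name, value]

    # The pexpected mapping pairs each ansible-vault password prompt with the
    # answer; presumably run() sends it when the prompt is matched.
    encrypted = run(
        cmd,
        cwd=INFRA_DIR,
        pexpect=True,
        pexpected={
            "(?i)new vault password:": vault_password,
            "(?i)confirm new vault password:": vault_password,
        },
    )

    # Drop carriage returns and the trailing status line so that only the
    # YAML document remains.
    encrypted = (
        encrypted.strip()
        .replace("\r", "")
        .replace("\nEncryption successful", "")
    )

    chdir(app_dir)
    log.info("Changed directory back to to {}".format(app_dir))

    vault_path = (Path(".") / "deploy.d" / "vault").absolute()
    if not exists(vault_path):
        log.info("Creating {}".format(vault_path))
        mkdir(vault_path)

    var_path = (vault_path / "{}.yml".format(name)).absolute()

    # Parse before touching the file: opening with "w" truncates, so a failed
    # or empty parse must not wipe a previously saved secret.
    loaded = yaml_load(encrypted, text=True)
    if loaded is None:
        raise click.ClickException(
            "ansible-vault produced no output that could be parsed"
        )

    # yaml_dump() receives the path, not this handle; the open() is kept so
    # the file is created/truncated as before. TODO confirm it is needed.
    with open(var_path, "w"):
        yaml_dump(var_path, loaded)

    log.success("Encrypted and saved {} in {}".format(name, var_path))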