#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
"""Unseal Hashicorp Vault servers."""

from __future__ import absolute_import, division, print_function

__metaclass__ = type

ANSIBLE_METADATA = {
    "status": ["stableinterface"],
    "supported_by": "community",
    "version": "1.1",
}

DOCUMENTATION = """
---
module: hashivault_unseal
short_description: Hashicorp Vault unseal module.
version_added: 1.2.0
description:
  - "Module to unseal Hashicorp Vault."
options:
  keys:
    description:
      - Vault key shard(s).
    type: list
    elements: str
    required: true
author:
  - Robert Kaussow (@xoxys)
extends_documentation_fragment:
  - xoxys.general.hashivault
"""

# The shard values below are illustrative sample data. Real unseal shards are
# long-lived secrets: supply them from an encrypted source (for example
# Ansible Vault variables) rather than writing them into a playbook in clear text.
EXAMPLES = """
---
- name: Unseal vault
  hashivault_unseal:
    keys:
      - 26479cc0-54bc-4252-9c34-baca54aa5de7
      - 47f942e3-8525-4b44-ba2f-84a4ae81db7d
      - 2ee9c868-4275-4836-8747-4f8fb7611aa0
    url: https://vault.example.com
"""

from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashivault_argspec
from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashivault_client
from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashivault_init
from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashiwrapper


def main():
    """Run the module: build the argument spec, unseal, report the outcome.

    The shared hashivault argument spec is extended with the ``keys`` option.
    The result of ``hashivault_unseal`` is passed to ``fail_json`` when it
    carries a truthy ``failed`` entry, and to ``exit_json`` otherwise.
    """
    spec = hashivault_argspec()
    # no_log=True keeps the unseal shards out of Ansible's logged and
    # returned module arguments.
    spec["keys"] = {
        "required": True,
        "type": "list",
        "elements": "str",
        "no_log": True,
    }
    module = hashivault_init(spec)

    outcome = hashivault_unseal(module.params)

    # hashivault_unseal itself never sets "failed"; presumably the
    # hashiwrapper decorator adds it on error -- confirm in module_utils.
    finish = module.fail_json if outcome.get("failed") else module.exit_json
    finish(**outcome)


@hashiwrapper
def hashivault_unseal(params):
    """Submit the unseal key shards if the Vault server reports it is sealed.

    :param params: module parameters; ``keys`` holds the key shard list, the
        remaining entries are handed to ``hashivault_client``.
    :returns: ``{"changed": False}`` when the server is not sealed, otherwise
        a dict with ``status`` (the return value of
        ``client.sys.submit_unseal_keys``) and ``changed`` set to ``True``.

    NOTE(review): ``changed`` is ``True`` whenever shards were submitted. The
    returned status is not inspected here, so this function does not confirm
    that the server actually ended up unsealed (for example when too few or
    wrong shards were supplied). Callers that need that guarantee should
    check the returned ``status`` -- presumably it carries the seal state;
    confirm against the client library.
    """
    shards = params.get("keys")
    client = hashivault_client(params)

    # Nothing to do on an already unsealed server: report no change.
    if not client.sys.is_sealed():
        return {"changed": False}

    unseal_status = client.sys.submit_unseal_keys(shards)
    return {"status": unseal_status, "changed": True}


if __name__ == "__main__":
    main()