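import argparse
import os
import string
import subprocess
import sys

from ansible_vault import Vault

if __name__ == "__main__":
    # Wrapper script: decrypt an Ansible Vault file and pass every entry to
    # terraform as a --var, together with the selected environment.
    parser = argparse.ArgumentParser(
        description='Securely wrap terraform like a terrarist!')
    parser.add_argument('action',
                        choices=['plan', 'apply', 'import', 'init'],
                        help='Terraform action to execute')
    parser.add_argument('--vault', '--ansible-vault',
                        dest='vault_file',
                        required=True,
                        help='Ansible Vault File')
    parser.add_argument('--vault-password-file',
                        dest='vault_password',
                        required=True,
                        help='Ansible Vault Password File')
    parser.add_argument('--environment',
                        dest='environment',
                        required=True,
                        help='Production, Staging, etc...')

    # Arguments the parser does not recognise are forwarded to terraform.
    args, options = parser.parse_known_args()

    if not os.path.isfile(args.vault_file):
        sys.stderr.write("Ansible vault file does not exist.\n")
        sys.exit(3)

    if not os.path.isfile(args.vault_password):
        sys.stderr.write("Ansible vault password does not exist.\n")
        sys.exit(3)

    # Context managers close both files; the original left the handles open.
    with open(args.vault_password) as password_file:
        password = password_file.read().strip()

    vault = Vault(password)
    with open(args.vault_file) as vault_file:
        data = vault.load(vault_file.read())

    # The loop below needs a mapping; an empty or non-mapping vault would
    # otherwise fail with an AttributeError traceback.
    if not isinstance(data, dict):
        sys.stderr.write("Ansible vault file does not contain a mapping.\n")
        sys.exit(3)

    cmd = ["terraform",
           args.action,
           "--var",
           "environment=%s" % args.environment,
           '--var-file=var_homeip.tfvar']

    # Each entry is one argv element. No shell is involved, so a value that
    # contains quotes, spaces or shell metacharacters is passed to terraform
    # literally instead of being re-parsed (the original wrapped the value in
    # single quotes and ran the joined string through os.system).
    # NOTE(security): values passed with --var are still visible in the
    # process argument list while terraform runs. Terraform also reads
    # TF_VAR_<name> environment variables, but those rank below
    # --var/--var-file, so switching would change which value wins.
    for key, value in data.items():
        cmd.append("--var")
        cmd.append("%s=%s" % (key, value))

    # extend() keeps each forwarded option whole; `cmd += <str>` split the
    # joined options into single characters.
    cmd.extend(options)

    try:
        returncode = subprocess.call(cmd)
    except OSError as exc:
        sys.stderr.write("Unable to run terraform: %s\n" % exc)
        sys.exit(127)

    # subprocess.call returns the real exit code. os.system returned the raw
    # wait status (exit code << 8), which sys.exit() truncated to 0, so a
    # failed terraform run was reported as success.
    if returncode < 0:
        # Child was terminated by a signal: report it as 128 + signal number.
        sys.exit(128 - returncode)
    sys.exit(returncode)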