# -*- coding: utf-8 -*-
#
# secrets.py
# ----------
#
# Copyright (C) 2007 Jeremie Dimino <dimino@crans.org>
# Copyright (C) 2014 Daniel STAN <daniel.stan@crans.org>
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.

"""
Recuperation des secrets depuis /etc/crans/secrets.
"""

import sys
import os
import logging
import logging.handlers
import getpass

SECRET_PATH = '/etc/crans/secrets'

# Initialisation d'un logger pour faire des stats etc
# pour l'instant, on centralise tout sur thot en mode debug
logger = logging.getLogger('secrets_new')
logger.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(name)s: [%(levelname)s] %(message)s')
handler = logging.handlers.SysLogHandler(address = '/dev/log')
try:
    handler.addFormatter(formatter)
except AttributeError:
    handler.formatter = formatter
logger.addHandler(handler)

class SecretNotFound(Exception):
    pass

class SecretForbidden(Exception):
    pass

# Définitions de fonctions renvoyant un secret, si existant, en utilisant
# **UNE** méthode d'accès
def python_loader(name):
    """Charger depuis le fichier python la variable au ``name`` correspondant"""
    try:
        sys.path.insert(0, SECRET_PATH)
        import secrets as module
        sys.path.pop(0)
        try:
            return getattr(module, name)
        except AttributeError:
            raise SecretNotFound()
    except ImportError:
        raise SecretForbidden()

def single_file_loader(name):
    """Charger depuis un fichier isolé appelé ``name``"""
    path = os.path.join(SECRET_PATH, name)
    if not os.path.isfile(path):
        raise SecretNotFound()
    try:
        with open(path, 'r') as source:
            result = source.read().strip()
        return result
    except IOError:
        raise SecretForbidden()

def try_file_loader(name):
    """Charge un fichier, mais sans échec si pas de droit de lecture"""
    try:
        return single_file_loader(name)
    except SecretForbidden:
        raise SecretNotFound()

def get(name):
    """ Récupère un secret. """
    prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0])
    logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, name))

    loaders = [python_loader, single_file_loader]
    notfound_error = None
    
    for loader in loaders:
        try:
            return loader(name)
        except SecretNotFound as exc:
            notfound_error = notfound_error or exc
        except SecretForbidden:
            logger.critical('...and that failed (Forbidden).')
            raise
            
    logger.critical('...and that failed (not found).')
    raise notfound_error