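##
## must be sourced in your interactive shell or by scripts before using vault files
##
## Usage: . <this-file> activate|deactivate|set|get [environment ...]
##
## Maintains ANSIBLE_VAULT_IDENTITY_LIST as a comma-separated list of
## "<environment>@gpg/get-vault-pass-<environment>" entries.
##
## Security notes:
##  - The path stored for each environment is relative ("gpg/..."), so both the
##    existence check at activation time and any later lookup depend on the
##    working directory. NOTE(review): confirm Ansible is always started from
##    the directory this file was sourced in.
##  - The referenced file is a vault password source; if it is executable,
##    Ansible is expected to run it. Environment names are therefore validated
##    so they cannot select a file outside the "gpg/get-vault-pass-*" naming
##    scheme or inject extra entries into the list.
##  - No `set -e`/`set -u` is enabled here on purpose: this file is sourced and
##    would change the options of the calling shell.
##

# Print an error message to stderr with a red "ERROR:" prefix.
# Arguments: $1 - message text
# printf is used because `echo` expands "\033" only in some shells; the message
# is passed as an argument, never as the format string.
print_error() {
  printf '\033[1;31mERROR:\033[1;0m %s\n' "${1:-}" >&2
}

# Check that an environment name is safe to embed in the identity list and in
# the password-file path.
# Arguments: $1 - environment name
# Returns:   0 if acceptable, 1 otherwise
# Rejected characters and why:
#   /            would let the name reach a file outside gpg/get-vault-pass-*
#   , and @      are the list and label separators of the identity list
#   whitespace   would split the name when the list is parsed line by line
#   * ? [        glob characters, kept out of any unquoted expansion
_vault_environment__name_ok() {
  case "${1:-}" in
    '' | */* | *,* | *@* | *'*'* | *'?'* | *'['* | *[[:space:]]*)
      return 1
      ;;
  esac
  return 0
}

# List the labels of all active environments, one per line.
# Globals: ANSIBLE_VAULT_IDENTITY_LIST (read)
# Outputs: the text before the first "@" of every non-empty list entry
vault_environment__get() {
  printf '%s\n' "${ANSIBLE_VAULT_IDENTITY_LIST:-}" \
    | tr ',' '\n' \
    | awk -F '@' '$1 != "" { print $1 }'
}

# Replace the active environments with exactly the given ones.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (unset, then rebuilt)
# Arguments: environment names
# Returns:   0 if every environment was activated, 1 if any was refused;
#            the remaining names are still processed.
vault_environment__set() {
  local e rc
  rc=0
  unset ANSIBLE_VAULT_IDENTITY_LIST
  for e in "$@"; do
    vault_environment__activate "$e" || rc=1
  done
  return "$rc"
}

# Append one environment to the identity list if it is not already active.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read, exported)
# Arguments: $1 - environment name
# Returns:   0 on success or when already active; 1 when the name is missing,
#            invalid, or its password file does not exist, so callers do not
#            continue with an identity list they did not ask for.
vault_environment__activate() {
  local name active
  name="${1:-}"

  if [ -z "$name" ]; then
    print_error "please specify an environment"
    return 1
  fi

  # Validate before the name is used to build a path.
  if ! _vault_environment__name_ok "$name"; then
    print_error "invalid environment name: '$name'"
    return 1
  fi

  if [ ! -f "gpg/get-vault-pass-$name" ]; then
    print_error "failed to activate environment: '$name' .. could not find password file 'gpg/get-vault-pass-$name'"
    return 1
  fi

  # Already active: nothing to do. Read line by line instead of relying on
  # word splitting of an unquoted command substitution.
  while IFS= read -r active; do
    if [ "$active" = "$name" ]; then
      return 0
    fi
  done <<EOF
$(vault_environment__get)
EOF

  if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST:-}" ]; then
    export ANSIBLE_VAULT_IDENTITY_LIST="$name@gpg/get-vault-pass-$name"
  else
    export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$name@gpg/get-vault-pass-$name"
  fi
}

# Remove one environment from the identity list.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read; exported or unset)
# Arguments: $1 - environment name
# Returns:   0 on success (also when the environment was not active),
#            1 when no name is given.
# Remaining entries are kept verbatim rather than regenerated from their
# label, so an entry that was set elsewhere with a different password source
# is not silently re-pointed at "gpg/get-vault-pass-<label>".
vault_environment__deactivate() {
  local name entry new_list
  name="${1:-}"

  if [ -z "$name" ]; then
    print_error "please specify an environment"
    return 1
  fi

  new_list=""
  while IFS= read -r entry; do
    if [ -z "$entry" ]; then
      continue
    fi
    # The label is everything before the first "@".
    if [ "${entry%%@*}" = "$name" ]; then
      continue
    fi
    new_list="${new_list:+$new_list,}$entry"
  done <<EOF
$(printf '%s\n' "${ANSIBLE_VAULT_IDENTITY_LIST:-}" | tr ',' '\n')
EOF

  if [ -z "$new_list" ]; then
    unset ANSIBLE_VAULT_IDENTITY_LIST
  else
    export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
  fi
}

# Dispatch: the first argument selects the operation, the rest are passed on.
# Only the four listed operations can be reached through the computed name.
op="${1:-}"
if [ -n "$op" ]; then
  shift
fi

case "$op" in
  activate|deactivate|set|get)
    "vault_environment__$op" "$@"
    ;;
  *)
    print_error "unknown operation: '$op'"
    ;;
esac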