from os.path import join
from json import dumps

service_account = node.metadata.get('gcloud/service_account')
project = node.metadata.get('gcloud/project')

directories[f'/etc/gcloud'] = {
    'purge': True,
}

files['/etc/gcloud/gcloud.json'] = {
    'content': dumps(
        node.metadata.get('gcloud'),
        indent=4,
        sort_keys=True
    ),
}

files['/etc/gcloud/service_account.json'] = {
    'content': repo.vault.decrypt_file(
        join(repo.path, 'data', 'gcloud', 'service_accounts', f'{service_account}@{project}.json.enc')
    ),
    'mode': '500',
    'needs': [
        'pkg_apt:google-cloud-sdk',
    ],
}

actions['gcloud_activate_service_account'] = {
    'command': 'gcloud auth activate-service-account --key-file /etc/gcloud/service_account.json',
    'unless': f"gcloud auth list | grep -q '^\*[[:space:]]*{service_account}@{project}.iam.gserviceaccount.com'",
    'needs': [
        f'file:/etc/gcloud/service_account.json'
    ],
}

actions['gcloud_select_project'] = {
    'command': f"gcloud config set project '{project}'",
    'unless': f"gcloud config get-value project | grep -q '^{project}$'",
    'needs': [
        f'action:gcloud_activate_service_account'
    ],
}