import oci
import ast
import base64

# Specify the OCID of the secret to retrieve


def get_secretcontents(ocid):
    #
    # Authentication is done using Instance Principals on VMs and Resouce Principal on OCI Container Instances
    # The function first tries Resource Principal and fails back to Instance Principal in case of error
    #
    try:
        signer = oci.auth.signers.get_resource_principals_signer()
    except:
        signer = signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()

    # Create secret client and retrieve content
    secretclient = oci.secrets.SecretsClient({}, signer=signer)
    secretcontents = secretclient.get_secret_bundle(secret_id=ocid)
    return secretcontents


def get_password(ocid):

    secretcontents = get_secretcontents(ocid)

    # Decode the secret from base64 and return password
    keybase64 = secretcontents.data.secret_bundle_content.content
    keybase64bytes = keybase64.encode("ascii")
    keybytes = base64.b64decode(keybase64bytes)
    key = keybytes.decode("ascii")
    keydict = ast.literal_eval(key)
    return keydict["password"]


def get_secret(ocid):

    # Create client
    secretcontents = get_secretcontents(ocid)

    # Decode the secret from base64 and return it
    certbase64 = secretcontents.data.secret_bundle_content.content
    certbytes = base64.b64decode(certbase64)
    cert = certbytes.decode("UTF-8")
    return cert