#!/usr/bin/env python3
"""arq-snowflake — snowflake API bridge. v0: warehouses list"""
import argparse, json, os, sys, urllib.request, urllib.error
from pathlib import Path
sys.path.insert(0, str(Path(__file__).parent))
from _arq_provider_base import sops_extract, call_with_audit, print_json, handle_meta_flags

PROVIDER = "snowflake"
REQUIRED_SCOPES: dict[str, list[str]] = {
    # Snowflake role grant required for SHOW WAREHOUSES.
    "list": ["USAGE on warehouse"],
}
def _key(): return os.environ.get("SNOWFLAKE_TOKEN") or sops_extract('["arqera_twin_admin"]["snowflake"]["value"]') or sops_extract('["snowflake"]["snowflake_api_key"]')
def _get(path):
    k = _key()
    if not k: return 401, "no snowflake key"
    req = urllib.request.Request(f"https://arqera.snowflakecomputing.com/api/v2{path}", headers={"Authorization": f"Bearer {k}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as r: return r.status, json.loads(r.read())
    except urllib.error.HTTPError as e: return e.code, e.read().decode("utf-8","ignore")
    except Exception as e: return 500, str(e)

def _list(a):
    c, d = _get("/warehouses")
    if c != 200: sys.stderr.write(f"HTTP {c}: {d}\n"); return 1
    return print_json(d)

def main():
    handle_meta_flags(PROVIDER, REQUIRED_SCOPES)
    p = argparse.ArgumentParser(prog="arq-snowflake"); s = p.add_subparsers(dest="cmd", required=True)
    sl = s.add_parser("list"); sl.set_defaults(func=_list, verb="list")
    args = p.parse_args()
    return call_with_audit(PROVIDER, args.verb, args.func, args)

if __name__ == "__main__": sys.exit(main())
