package command

import (
	"fmt"
	"strings"
)

// UnmountCommand is a Command that mounts a new mount.
type UnmountCommand struct {
	Meta
}

func (c *UnmountCommand) Run(args []string) int {
	flags := c.Meta.FlagSet("mount", FlagSetDefault)
	flags.Usage = func() { c.Ui.Error(c.Help()) }
	if err := flags.Parse(args); err != nil {
		return 1
	}

	args = flags.Args()
	if len(args) != 1 {
		flags.Usage()
		c.Ui.Error(fmt.Sprintf(
			"\nUnmount expects one argument: the path to unmount"))
		return 1
	}

	path := args[0]

	client, err := c.Client()
	if err != nil {
		c.Ui.Error(fmt.Sprintf(
			"Error initializing client: %s", err))
		return 2
	}

	if err := client.Sys().Unmount(path); err != nil {
		c.Ui.Error(fmt.Sprintf(
			"Unmount error: %s", err))
		return 2
	}

	c.Ui.Output(fmt.Sprintf(
		"Successfully unmounted '%s'!", path))

	return 0
}

func (c *UnmountCommand) Synopsis() string {
	return "Unmount a secret backend"
}

func (c *UnmountCommand) Help() string {
	helpText := `
Usage: vault unmount [options] type

  Unmount a secret backend.

  This command unmounts a secret backend. All the secrets created
  by this backend will be revoked and its Vault data will be deleted.

General Options:

  -address=addr           The address of the Vault server.

  -ca-cert=path           Path to a PEM encoded CA cert file to use to
                          verify the Vault server SSL certificate.

  -ca-path=path           Path to a directory of PEM encoded CA cert files
                          to verify the Vault server SSL certificate. If both
                          -ca-cert and -ca-path are specified, -ca-path is used.

  -tls-skip-verify        Do not verify TLS certificate. This is highly
                          not recommended. This is especially not recommended
                          for unsealing a vault.

`
	return strings.TrimSpace(helpText)
}