# https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/filter/core.py
# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms.html

import boto3
import base64

kms = boto3.client('kms', region_name='eu-central-1')

def aws_kms_decrypt(ciphertext):
	'''
		:param ciphertext: Base64 encoded ciphertext from AWS KMS encrypt
		:return plaintext decrypted from given ciphertext
	'''
	return kms.decrypt(CiphertextBlob=base64.b64decode(ciphertext)).get('Plaintext')


class FilterModule(object):
	def filters(self):
		return {
			'aws_kms_decrypt': aws_kms_decrypt,
		}