#!/usr/bin/env python3
# scripts/extract_admin_password.py
# Read `juju run keystone/leader get-admin-password --format json` on stdin and print
# the admin password. The action's JSON shape varies by juju version, so search
# recursively for the first non-empty 'admin-password'/'password'/'Stdout' value.
# Prints empty string (and the caller gates) if none found. No secret is logged.
import json, sys

KEYS = ("admin-password", "password", "Stdout")

def find(o):
    if isinstance(o, dict):
        for k in KEYS:
            if k in o and o[k]:
                return str(o[k]).strip()
        for v in o.values():
            r = find(v)
            if r:
                return r
    elif isinstance(o, list):
        for v in o:
            r = find(v)
            if r:
                return r
    return ""

def main():
    try:
        data = json.load(sys.stdin)
    except Exception:
        return ""
    return find(data)

if __name__ == "__main__":
    print(main())