package config_test

import (
	"testing"

	"github.com/stretchr/testify/assert"

	"gerrit.wikimedia.org/r/blubber/config"
)

func TestPolicyRead(t *testing.T) {
	policy, err := config.ReadYAMLPolicy([]byte(`---
    enforcements:
      - path: variants.production.runs.as
        rule: ne=root
      - path: base
        rule: oneof=debian:jessie debian:stretch`))

	if assert.NoError(t, err) {
		if assert.Len(t, policy.Enforcements, 2) {
			assert.Equal(t, "variants.production.runs.as", policy.Enforcements[0].Path)
			assert.Equal(t, "ne=root", policy.Enforcements[0].Rule)

			assert.Equal(t, "base", policy.Enforcements[1].Path)
			assert.Equal(t, "oneof=debian:jessie debian:stretch", policy.Enforcements[1].Rule)
		}
	}
}

func TestPolicyValidate(t *testing.T) {
	cfg := config.Config{
		CommonConfig: config.CommonConfig{
			Base: "foo:tag",
		},
		Variants: map[string]config.VariantConfig{
			"foo": config.VariantConfig{
				CommonConfig: config.CommonConfig{
					Runs: config.RunsConfig{
						UserConfig: config.UserConfig{
							As: "root",
						},
					},
				},
			},
		},
	}

	policy := config.Policy{
		Enforcements: []config.Enforcement{
			{Path: "variants.foo.runs.as", Rule: "ne=root"},
		},
	}

	assert.EqualError(t,
		policy.Validate(cfg),
		`value for "variants.foo.runs.as" violates policy rule "ne=root"`,
	)

	policy = config.Policy{
		Enforcements: []config.Enforcement{
			{Path: "base", Rule: "oneof=debian:jessie debian:stretch"},
		},
	}

	assert.EqualError(t,
		policy.Validate(cfg),
		`value for "base" violates policy rule "oneof=debian:jessie debian:stretch"`,
	)
}

func TestEnforcementOnFlag(t *testing.T) {
	cfg := config.Config{
		Variants: map[string]config.VariantConfig{
			"production": config.VariantConfig{
				CommonConfig: config.CommonConfig{
					Runs: config.RunsConfig{
						Insecurely: config.Flag{True: true},
					},
				},
			},
		},
	}

	policy := config.Policy{
		Enforcements: []config.Enforcement{
			{Path: "variants.production.runs.insecurely", Rule: "isfalse"},
		},
	}

	assert.Error(t,
		policy.Validate(cfg),
		`value for "variants.production.runs.insecurely" violates policy rule "isfalse"`,
	)

}

func TestResolveJSONPath(t *testing.T) {
	cfg := config.Config{
		Variants: map[string]config.VariantConfig{
			"foo": config.VariantConfig{
				CommonConfig: config.CommonConfig{
					Runs: config.RunsConfig{
						UserConfig: config.UserConfig{
							As: "root",
						},
					},
				},
			},
		},
	}

	val, err := config.ResolveJSONPath("variants.foo.runs.as", cfg)

	if assert.NoError(t, err) {
		assert.Equal(t, "root", val)
	}
}