package secrets

import (
	"context"
	"testing"
	"testing/fstest"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/suite"
)

var testFs fstest.MapFS

var jsonTestConfig = []byte(`{
	"secrets": {
		"database": {
			"username": "dbuser",
			"password": "dbpass"
		},
		"iam": {
			"access_key": "accesskey",
			"secret_key": "secretkey"
		},
		"apikey": {
			"key": "api"
		}
	}
}`)

var yamlTestConfig = []byte(`
secrets:
  database:
    username: dbuser
    password: dbpass
  iam:
    access_key: accesskey
    secret_key: secretkey
  apikey:
    key: api
`)

func init() {
	testFs = fstest.MapFS{}
	testFs["secrets.foo"] = &fstest.MapFile{Data: jsonTestConfig}
	testFs["secrets.json"] = &fstest.MapFile{Data: jsonTestConfig}
	testFs["secrets.yaml"] = &fstest.MapFile{Data: yamlTestConfig}
	testFs["secrets.yml"] = &fstest.MapFile{Data: yamlTestConfig}
}

type ConfigFileClientSuite struct {
	suite.Suite
	c Client
}

func (s *ConfigFileClientSuite) SetupTest() {
	var err error
	s.c, err = NewConfigFileClient(testFs, "secrets.yaml", "secrets")
	assert.NoError(s.T(), err)
}

func (s *ConfigFileClientSuite) TestFromJSON() {
	_, err := NewConfigFileClient(testFs, "secrets.json", "secrets")
	assert.NoError(s.T(), err)
}

func (s *ConfigFileClientSuite) TestFromYAML() {
	_, err := NewConfigFileClient(testFs, "secrets.yaml", "secrets")
	assert.NoError(s.T(), err)
	_, err = NewConfigFileClient(testFs, "secrets.yml", "secrets")
	assert.NoError(s.T(), err)
}

func (s *ConfigFileClientSuite) TestFromInvalidExtension() {
	_, err := NewConfigFileClient(testFs, "secrets.foo", "secrets")
	assert.ErrorContains(s.T(), err, "extension .foo are not supported")
}

func (s *ConfigFileClientSuite) TestFromInvalidFile() {
	_, err := NewConfigFileClient(testFs, "secrets.foo-", "secrets")
	assert.ErrorContains(s.T(), err, "file does not exist")
}

func (s *ConfigFileClientSuite) TestFromInvalidKey() {
	_, err := NewConfigFileClient(testFs, "secrets.json", "sekrets")
	assert.ErrorContains(s.T(), err, "Key sekrets does not exist")
}

func (s *ConfigFileClientSuite) TestDatabaseCredential() {
	db, hnd, err := s.c.DatabaseCredential(context.TODO(), "database")
	assert.NoError(s.T(), err)
	assert.NotNil(s.T(), hnd)
	assert.Equal(s.T(), db.Username, "dbuser")
	assert.Equal(s.T(), db.Password, "dbpass")
}

func (s *ConfigFileClientSuite) TestSecret() {
	key := ApiKey{}
	hnd, err := s.c.Secret(context.TODO(), "apikey", &key)
	assert.NoError(s.T(), err)
	assert.NotNil(s.T(), hnd)
	assert.Equal(s.T(), key.Key, "api")
}

func (s *ConfigFileClientSuite) TestAWSIAMUser() {
	iam, hnd, err := s.c.AWSIAMUser(context.TODO(), "iam")
	assert.NoError(s.T(), err)
	assert.NotNil(s.T(), hnd)
	assert.Equal(s.T(), iam.AccessKeyId, "accesskey")
	assert.Equal(s.T(), iam.SecretAccessKey, "secretkey")
}

func (s *ConfigFileClientSuite) TestAWSAssumeRole() {
	_, _, err := s.c.AWSAssumeRole(context.TODO(), "role", "name", time.Second)
	assert.ErrorContains(s.T(), err, "not supported")
	_, _, err = s.c.AWSAssumeRoleSimple(context.TODO(), "role")
	assert.ErrorContains(s.T(), err, "not supported")
}

func TestConfigFileClientSuite(t *testing.T) {
	suite.Run(t, &ConfigFileClientSuite{})
}