#!/usr/bin/env bash

setup_file(){
  load "$PWD/tests/integration/helpers/common"
  _common_setup
  _add_server

  run $ABRA app new "$TEST_RECIPE" \
    --no-input \
    --server "$TEST_SERVER" \
    --domain "$TEST_APP_DOMAIN" \
  assert_success
  assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
}

teardown_file(){
  _rm_app
  _rm_server
  _reset_recipe
}

teardown(){
  # https://github.com/bats-core/bats-core/issues/383#issuecomment-738628888
  if [[ -z "${BATS_TEST_COMPLETED}" ]]; then
    _undeploy_app
  fi
}

setup(){
  load "$PWD/tests/integration/helpers/common"
  _common_setup
}

@test "generate: validate arguments" {
  run $ABRA app secret generate
  assert_failure
  assert_output --partial 'no app provided'

  run $ABRA app secret generate DOESNTEXIST
  assert_failure
  assert_output --partial 'cannot find app'

  run $ABRA app secret generate "$TEST_APP_DOMAIN"
  assert_failure
  assert_output --partial 'missing arguments'

  run $ABRA app secret generate "$TEST_APP_DOMAIN" testSecret testVersion --all
  assert_failure
  assert_output --partial 'cannot use'
  assert_output --partial "'--all' together"
}

@test "generate: single secret no match" {
  run $ABRA app secret generate "$TEST_APP_DOMAIN" DOESNTEXIST v1
  assert_failure
  assert_output --partial "doesn't exist in the env config"
}

@test "generate: create secrets" {
  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'test_pass_one'
  assert_output --partial 'test_pass_two'
  refute_output --partial 'extra_pass'
  assert_output --partial 'false'
  refute_output --partial 'true'

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_success
  assert_output --partial 'test_pass_one'
  assert_output --partial 'test_pass_two'
  refute_output --partial 'extra_pass'

  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'test_pass_one'
  assert_output --partial 'test_pass_two'
  refute_output --partial 'extra_pass'
  refute_output --partial 'false'
  assert_output --partial 'true'

  run docker -c "$TEST_SERVER" secret ls
  assert_success
  assert_output --partial 'test_pass_one'
  assert_output --partial 'test_pass_two'
  refute_output --partial 'extra_pass'

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_success
}

@test "generate: broken if missing version" {
  run sed -i '/SECRET_TEST_PASS_ONE_VERSION=.*/d' \
    "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
  assert_success

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_failure
  assert_output --partial 'missing version'

  _reset_app
}

@test "generate: use version from app env" {
  run sed -i 's/SECRET_TEST_PASS_ONE_VERSION=v1/SECRET_TEST_PASS_ONE_VERSION=v2/g' \
    "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
  assert_success

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_success
  assert_output --partial 'test_pass_one'

  run docker -c "$TEST_SERVER" secret ls
  assert_success
  assert_output --regexp ".*_test_pass_one_v2"
  refute_output --regexp ".*_test_pass_one_v1"

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_success

  _reset_app
}

@test "generate: generate extra secret based on COMPOSE_FILE" {
  run sed -i 's/COMPOSE_FILE="compose.yml"/COMPOSE_FILE="compose.yml:compose.extra_secret.yml"/g' \
    "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
  assert_success

  run sed -i 's/#SECRET_EXTRA_PASS_VERSION=v1/SECRET_EXTRA_PASS_VERSION=v1/g' \
    "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
  assert_success

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_success
  assert_output --partial 'extra_pass'

  run docker -c "$TEST_SERVER" secret ls
  assert_success
  assert_output --partial "$TEST_APP_DOMAIN_extra_pass_v1"

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_success

  _reset_app
}

@test "generate: bail if unstaged changes and no --chaos" {
  run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
  assert_success
  assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_failure
  assert_output --partial 'locally unstaged changes'

  run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
  assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}

@test "generate: do not generate if not enabled" {
  run sed -i '/- test_pass_one/d' "$ABRA_DIR/recipes/$TEST_RECIPE/compose.yml"
  assert_success

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all --chaos
  assert_success
  assert_output --partial 'test_pass_one not enabled in recipe config'
  assert_output --partial 'test_pass_two'

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all --chaos
  assert_success

  _checkout_recipe
}

@test "generate: ensure secret name uses trimmed stack name" {
  # NOTE(d1): 45 chars, to ensure that the app name must be trimmed
  testAppDomain="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

  run $ABRA app new "$TEST_RECIPE" \
    --no-input \
    --server "$TEST_SERVER" \
    --domain "$testAppDomain.$TEST_SERVER" \
    --secrets \
    --debug
  assert_success
  assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
  assert_output --partial "avoid runtime limits"

  run $ABRA app secret rm "$testAppDomain.$TEST_SERVER" --all
  assert_success

  run rm -rf "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
  assert_success
  assert_not_exists "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
}

@test "generate: secret length honoured" {
  run bash -c '$ABRA app secret generate "$TEST_APP_DOMAIN" --all --machine \
    | jq -r ".[] | select(.name==\"test_pass_two\") | .value" | awk "{print length}"'
  assert_success
  assert_output --partial '10'  # NOTE(d1): hardcoded # length=10 in recipe config

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_success
}

@test "insert: validate arguments" {
  run $ABRA app secret insert
  assert_failure
  assert_output --partial 'no app provided'

  run $ABRA app secret insert "$TEST_APP_DOMAIN"
  assert_failure
  assert_output --partial 'missing arguments'

  run $ABRA app secret insert "$TEST_APP_DOMAIN" bar
  assert_failure
  assert_output --partial 'missing arguments'

  run $ABRA app secret insert "$TEST_APP_DOMAIN" bar baz
  assert_failure
  assert_output --partial 'missing arguments'
}

@test "insert: create secret" {
  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'false'

  run $ABRA app secret insert "$TEST_APP_DOMAIN" test_pass_one v1 foo
  assert_success
  assert_output --partial 'successfully stored on server'

  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'true'

  run $ABRA app secret rm "$TEST_APP_DOMAIN" test_pass_one
  assert_success
}

@test "rm: validate arguments" {
  run $ABRA app secret rm
  assert_failure
  assert_output --partial 'no app provided'

  run $ABRA app secret rm DOESNTEXIST
  assert_failure
  assert_output --partial 'cannot find app'

  run $ABRA app secret rm "$TEST_APP_DOMAIN"
  assert_failure
  assert_output --partial 'no secret(s) specified'

  run $ABRA app secret rm "$TEST_APP_DOMAIN" test_pass_one --all
  assert_failure
  assert_output --partial 'cannot use'
  assert_output --partial "'--all' together"
}

@test "rm: single secret no match" {
  run $ABRA app secret rm "$TEST_APP_DOMAIN" foo_password
  assert_failure
  assert_output --partial "doesn't exist on server"
}

@test "rm: no secret match" {
  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_failure
  assert_output --partial 'no secrets to remove'
}

@test "rm: remove secret" {
  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_success

  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'true'

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_success

  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'false'
}

@test "rm: bail if unstaged changes and no --chaos" {
  run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
  assert_success
  assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_failure
  assert_output --partial 'locally unstaged changes'

  run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
  assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}

@test "ls: validate arguments" {
  run $ABRA app secret ls
  assert_failure
  assert_output --partial 'no app provided'

  run $ABRA app secret ls DOESNTEXIST
  assert_failure
  assert_output --partial 'cannot find app'
}

@test "ls: show secrets" {
  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'false'

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_success

  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'true'

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_success
}

@test "ls: show secrets as machine readable" {
  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_success
  assert_output --partial 'false'

  run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
  assert_success

  run $ABRA app secret ls "$TEST_APP_DOMAIN" --machine
  assert_success
  assert_output --partial '"created-on-server":"true"'

  run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
  assert_success
}

@test "ls: bail if unstaged changes and no --chaos" {
  run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
  assert_success
  assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"

  run $ABRA app secret ls "$TEST_APP_DOMAIN"
  assert_failure
  assert_output --partial 'locally unstaged changes'

  run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
  assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}