#! /usr/bin/env ruby
require 'spec_helper'
require 'puppet_spec/compiler'
require 'puppet_spec/files'
require 'puppet/pops'
require 'deep_merge/core'

describe "The lookup function" do
  include PuppetSpec::Compiler
  include PuppetSpec::Files

  let(:env_name) { 'spec' }
  let(:code_dir_files) { {} }
  let(:code_dir) { tmpdir('code') }
  let(:ruby_dir) { tmpdir('ruby') }
  let(:env_modules) { {} }
  let(:env_hiera_yaml) do
    <<-YAML.unindent
      ---
      version: 5
      hierarchy:
        - name: "Common"
          data_hash: yaml_data
          path: "common.yaml"
      YAML
  end

  let(:env_data) { {} }

  let(:environment_files) do
    {
      env_name => {
        'modules' => env_modules,
        'hiera.yaml' => env_hiera_yaml,
        'data' => env_data
      }
    }
  end

  let(:ruby_dir_files) { {} }

  let(:logs) { [] }
  let(:scope_additions ) { {} }
  let(:notices) { logs.select { |log| log.level == :notice }.map { |log| log.message } }
  let(:warnings) { logs.select { |log| log.level == :warning }.map { |log| log.message } }
  let(:debugs) { logs.select { |log| log.level == :debug }.map { |log| log.message } }
  let(:env) { Puppet::Node::Environment.create(env_name.to_sym, [File.join(populated_env_dir, env_name, 'modules')]) }
  let(:environments) { Puppet::Environments::Directories.new(populated_env_dir, []) }
  let(:node) { Puppet::Node.new('test_lookup', :environment => env) }
  let(:compiler) { Puppet::Parser::Compiler.new(node) }
  let(:lookup_func) { Puppet.lookup(:loaders).puppet_system_loader.load(:function, 'lookup') }
  let(:invocation_with_explain) { Puppet::Pops::Lookup::Invocation.new(compiler.topscope, {}, {}, true) }
  let(:explanation) { invocation_with_explain.explainer.explain }

  let(:populated_code_dir) do
    dir_contained_in(code_dir, code_dir_files)
    code_dir
  end

  let(:populated_ruby_dir) do
    dir_contained_in(ruby_dir, ruby_dir_files)
    ruby_dir
  end

  let(:env_dir) do
    d = File.join(populated_code_dir, 'environments')
    Dir.mkdir(d)
    d
  end

  let(:populated_env_dir) do
    dir_contained_in(env_dir, environment_files)
    env_dir
  end

  before(:each) do
    Puppet.settings[:codedir] = code_dir
    Puppet.push_context(:environments => environments, :current_environment => env)
  end

  after(:each) do
    Puppet.pop_context
    if Object.const_defined?(:Hiera)
      Hiera.send(:remove_instance_variable, :@config) if Hiera.instance_variable_defined?(:@config)
      Hiera.send(:remove_instance_variable, :@logger) if Hiera.instance_variable_defined?(:@logger)
      if Hiera.const_defined?(:Config)
        Hiera::Config.send(:remove_instance_variable, :@config) if Hiera::Config.instance_variable_defined?(:@config)
      end
      if Hiera.const_defined?(:Backend) && Hiera::Backend.respond_to?(:clear!)
        Hiera::Backend.clear!
      end
    end
  end

  def collect_notices(code, explain = false, &block)
    Puppet[:code] = code
    Puppet::Util::Log.with_destination(Puppet::Test::LogCollector.new(logs)) do
      scope = compiler.topscope
      scope['environment'] = env_name
      scope['domain'] = 'example.com'
      scope_additions.each_pair { |k, v| scope[k] = v }
      if explain
        begin
          invocation_with_explain.lookup('dummy', nil) do
            if block_given?
              compiler.compile { |catalog| block.call(compiler.topscope); catalog }
            else
              compiler.compile
            end
          end
        rescue RuntimeError => e
          invocation_with_explain.report_text { e.message }
        end
      else
        if block_given?
          compiler.compile { |catalog| block.call(compiler.topscope); catalog }
        else
          compiler.compile
        end
      end
    end
    nil
  end

  def lookup(key, options = {}, explain = false)
    nc_opts = options.empty? ? '' : ", #{Puppet::Pops::Types::TypeFormatter.string(options)}"
    keys = key.is_a?(Array) ? key : [key]
    collect_notices(keys.map { |k| "notice(String(lookup('#{k}'#{nc_opts}), '%p'))" }.join("\n"), explain)
    if explain
      explanation
    else
      result = notices.map { |n| Puppet::Pops::Types::TypeParser.singleton.parse_literal(n) }
      key.is_a?(Array) ? result : result[0]
    end
  end

  def explain(key, options = {})
    lookup(key, options, true)[1]
    explanation
  end

  context 'with faulty hiera.yaml configuration' do
    context 'in global layer' do
      let(:global_data) do
        {
          'common.yaml' => <<-YAML.unindent
            a: value a (from global)
            YAML
        }
      end

      let(:code_dir_files) do
        {
          'hiera.yaml' => hiera_yaml,
          'data' => global_data
        }
      end

      before(:each) do
        # Need to set here since spec_helper defines these settings in its "before each"
        Puppet.settings[:codedir] = populated_code_dir
        Puppet.settings[:hiera_config] = File.join(code_dir, 'hiera.yaml')
      end

      context 'using a not yet supported hiera version' do
        let(:hiera_yaml) { <<-YAML.unindent }
          version: 6
          YAML

        it 'fails and reports error' do
          expect { lookup('a') }.to raise_error("This runtime does not support hiera.yaml version 6 in #{code_dir}/hiera.yaml")
        end
      end

      context 'with multiply defined backend using hiera version 3' do
        let(:hiera_yaml) { <<-YAML.unindent }
          :version: 3
          :backends:
            - yaml
            - json
            - yaml
          YAML

        it 'fails and reports error' do
          expect { lookup('a') }.to raise_error(
            "Backend 'yaml' is defined more than once. First defined at line 3 at #{code_dir}/hiera.yaml:5")
        end
      end

      context 'using hiera version 4' do
        let(:hiera_yaml) { <<-YAML.unindent }
          version: 4
          YAML

        it 'fails and reports error' do
          expect { lookup('a') }.to raise_error(
            "hiera.yaml version 4 cannot be used in the global layer in #{code_dir}/hiera.yaml")
        end
      end

      context 'using hiera version 5' do
        context 'with multiply defined hierarchy' do
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common
                path: common.yaml
              - name: Other
                path: other.yaml
              - name: Common
                path: common.yaml
            YAML

          it 'fails and reports error' do
            expect { lookup('a') }.to raise_error(
              "Hierarchy name 'Common' defined more than once. First defined at line 3 at #{code_dir}/hiera.yaml:7")
          end
        end

        context 'with hiera3_backend that is provided as data_hash function' do
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common
                hiera3_backend: hocon
                path: common.conf
            YAML

          it 'fails and reports error' do
            expect { lookup('a') }.to raise_error(
              "Use \"data_hash: hocon_data\" instead of \"hiera3_backend: hocon\" at #{code_dir}/hiera.yaml:4")
          end
        end

        context 'with no data provider function defined' do
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            defaults:
              datadir: data
            hierarchy:
              - name: Common
                path: common.txt
            YAML

          it 'fails and reports error' do
            expect { lookup('a') }.to raise_error(
              "One of data_hash, lookup_key, data_dig, or hiera3_backend must be defined in hierarchy 'Common' in #{code_dir}/hiera.yaml")
          end
        end

        context 'with multiple data providers in defaults' do
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            defaults:
              data_hash: yaml_data
              lookup_key: eyaml_lookup_key
              datadir: data
            hierarchy:
              - name: Common
                path: common.txt
            YAML

          it 'fails and reports error' do
            expect { lookup('a') }.to raise_error(
              "Only one of data_hash, lookup_key, data_dig, or hiera3_backend can be defined in defaults in #{code_dir}/hiera.yaml")
          end
        end

        context 'with non existing data provider function' do
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common
                data_hash: nonesuch_txt_data
                path: common.yaml
            YAML

          it 'fails and reports error' do
            Puppet[:strict] = :error
            expect { lookup('a') }.to raise_error(
              "Unable to find 'data_hash' function named 'nonesuch_txt_data' in #{code_dir}/hiera.yaml")
          end
        end

        context 'with a declared default_hierarchy' do
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common
                path: common.yaml
            default_hierarchy:
              - name: Defaults
                path: defaults.yaml
            YAML

          it 'fails and reports error' do
            Puppet[:strict] = :error
            expect { lookup('a') }.to raise_error(
              "'default_hierarchy' is only allowed in the module layer at #{code_dir}/hiera.yaml:5")
          end
        end

        context 'with missing variables' do
          let(:scope_additions) { { 'fqdn' => 'test.example.com' } }
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common # don't report this line %{::nonesuch}
                path: "%{::fqdn}/%{::nonesuch}/data.yaml"
            YAML

          it 'fails and reports errors when strict == error' do
            Puppet[:strict] = :error
            expect { lookup('a') }.to raise_error("Undefined variable '::nonesuch' at #{code_dir}/hiera.yaml:4")
          end
        end

        context 'using interpolation functions' do
          let(:hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common # don't report this line %{::nonesuch}
                path: "%{lookup('fqdn')}/data.yaml"
            YAML

          it 'fails and reports errors when strict == error' do
            Puppet[:strict] = :error
            expect { lookup('a') }.to raise_error("Interpolation using method syntax is not allowed in this context in #{code_dir}/hiera.yaml")
          end
        end
      end
    end

    context 'in environment layer' do
      context 'using hiera version 4' do
        context 'with an unknown backend' do
          let(:env_hiera_yaml) { <<-YAML.unindent }
            version: 4
            hierarchy:
              - name: Common
                backend: nonesuch
                path: common.yaml
            YAML

          it 'fails and reports error' do
            expect { lookup('a') }.to raise_error(
              "No data provider is registered for backend 'nonesuch' at #{env_dir}/spec/hiera.yaml:4")
          end
        end

        context 'with multiply defined hierarchy' do
          let(:env_hiera_yaml) { <<-YAML.unindent }
            version: 4
            hierarchy:
              - name: Common
                backend: yaml
                path: common.yaml
              - name: Other
                backend: yaml
                path: other.yaml
              - name: Common
                backend: yaml
                path: common.yaml
            YAML

          it 'fails and reports error' do
            expect { lookup('a') }.to raise_error(
              "Hierarchy name 'Common' defined more than once. First defined at line 3 at #{env_dir}/spec/hiera.yaml:9")
          end
        end
      end

      context 'using hiera version 5' do
        context 'with a hiera3_backend declaration' do
          let(:env_hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common
                hiera3_backend: something
            YAML

          it 'fails and reports error' do
            expect { lookup('a') }.to raise_error(
              "'hiera3_backend' is only allowed in the global layer at #{env_dir}/spec/hiera.yaml:4")
          end
        end

        context 'with a declared default_hierarchy' do
          let(:env_hiera_yaml) { <<-YAML.unindent }
            version: 5
            hierarchy:
              - name: Common
                path: common.yaml
            default_hierarchy:
              - name: Defaults
                path: defaults.yaml
            YAML

          it 'fails and reports error' do
            Puppet[:strict] = :error
            expect { lookup('a') }.to raise_error(
              "'default_hierarchy' is only allowed in the module layer at #{env_dir}/spec/hiera.yaml:5")
          end
        end
      end
    end
  end

  context 'with an environment' do
    let(:env_data) do
      {
        'common.yaml' => <<-YAML.unindent
        ---
        a: value a (from environment)
        c:
          c_b: value c_b (from environment)
        mod_a::a: value mod_a::a (from environment)
        mod_a::hash_a:
          a: value mod_a::hash_a.a (from environment)
        mod_a::hash_b:
          a: value mod_a::hash_b.a (from environment)
        hash_b:
          hash_ba:
            bab: value hash_b.hash_ba.bab (from environment)
        hash_c:
          hash_ca:
            caa: value hash_c.hash_ca.caa (from environment)
        lookup_options:
          mod_a::hash_b:
            merge: hash
          hash_c:
            merge: hash
      YAML
      }
    end

    it 'finds data in the environment' do
      expect(lookup('a')).to eql('value a (from environment)')
    end

    context 'with log-level debug' do
      before(:each) { Puppet[:log_level] = 'debug' }

      it 'does not report a regular lookup as APL' do
        expect(lookup('a')).to eql('value a (from environment)')
        expect(debugs.count { |dbg| dbg =~ /\A\s*Automatic Parameter Lookup of/ }).to eql(0)
      end

      it 'reports regular lookup as lookup' do
        expect(lookup('a')).to eql('value a (from environment)')
        expect(debugs.count { |dbg| dbg =~ /\A\s*Lookup of/ }).to eql(1)
      end

      it 'does not report APL as lookup' do
        collect_notices("class mod_a($a) { notice($a) }; include mod_a")
        expect(debugs.count { |dbg| dbg =~ /\A\s*Lookup of/ }).to eql(0)
      end

      it 'reports APL as APL' do
        collect_notices("class mod_a($a) { notice($a) }; include mod_a")
        expect(debugs.count { |dbg| dbg =~ /\A\s*Automatic Parameter Lookup of/ }).to eql(1)
      end
    end

    context 'that has no lookup configured' do
      let(:environment_files) do
        {
          env_name => {
            'data' => env_data
          }
        }
      end

      it 'does not find data in the environment' do
        expect { lookup('a') }.to raise_error(Puppet::DataBinding::LookupError, /did not find a value for the name 'a'/)
      end

      context "but an environment.conf with 'environment_data_provider=hiera'" do
        let(:environment_files) do
          {
            env_name => {
              'environment.conf' => "environment_data_provider=hiera\n",
              'data' => env_data
            }
          }
        end

        it 'finds data in the environment and reports deprecation warning for environment.conf' do
          expect(lookup('a')).to eql('value a (from environment)')
          expect(warnings).to include(/Defining environment_data_provider='hiera' in environment.conf is deprecated. A 'hiera.yaml' file should be used instead/)
        end

        context 'and a hiera.yaml file' do
          let(:env_hiera_yaml) do
            <<-YAML.unindent
              ---
              version: 4
              hierarchy:
                - name: common
                  backend: yaml
              YAML
          end

          let(:environment_files) do
            {
              env_name => {
                'hiera.yaml' => env_hiera_yaml,
                'environment.conf' => "environment_data_provider=hiera\n",
                'data' => env_data
              }
            }
          end

          it 'finds data in the environment and reports deprecation warnings for both environment.conf and hiera.yaml' do
            expect(lookup('a')).to eql('value a (from environment)')
            expect(warnings).to include(/Defining environment_data_provider='hiera' in environment.conf is deprecated/)
            expect(warnings).to include(/Use of 'hiera.yaml' version 4 is deprecated. It should be converted to version 5/)
          end
        end
      end

      context "but an environment.conf with 'environment_data_provider=function'" do
        let(:environment_files) do
          {
            env_name => {
              'environment.conf' => "environment_data_provider=function\n",
              'functions' => {
                'environment' => { 'data.pp' => <<-PUPPET.unindent }
                    function environment::data() {
                      { 'a' => 'value a' }
                    }
                    PUPPET
              }
            }
          }
        end

        it 'finds data in the environment and reports deprecation warning for environment.conf' do
          expect(lookup('a')).to eql('value a')
          expect(warnings).to include(/Defining environment_data_provider='function' in environment.conf is deprecated. A 'hiera.yaml' file should be used instead/)
          expect(warnings).to include(/Using of legacy data provider function 'environment::data'. Please convert to a 'data_hash' function/)
        end
      end
    end

    context 'that has interpolated paths configured' do
      let(:env_hiera_yaml) do
        <<-YAML.unindent
          ---
          version: 5
          hierarchy:
            - name: "Varying"
              data_hash: yaml_data
              path: "#{data_path}"
          YAML
      end

      let(:environment_files) do
        {
          env_name => {
            'hiera.yaml' => env_hiera_yaml,
            'modules' => {},
            'data' => {
              'x.yaml' => <<-YAML.unindent,
                y: value y from x
                YAML
              'x_d.yaml' => <<-YAML.unindent,
                y: value y from x_d
                YAML
              'x_e.yaml' => <<-YAML.unindent,
                y: value y from x_e
                YAML
            }
          }
        }
      end

      context 'using local variable reference' do
        let(:data_path) { 'x%{var.sub}.yaml' }

        it 'reloads the configuration if interpolated values change' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            expect(lookup_func.call(scope, 'y')).to eql('value y from x')
            scope['var'] = { 'sub' => '_d' }
            expect(lookup_func.call(scope, 'y')).to eql('value y from x_d')
            nested_scope = scope.compiler.newscope(scope)
            nested_scope['var'] = { 'sub' => '_e' }
            expect(lookup_func.call(nested_scope, 'y')).to eql('value y from x_e')
          end
          expect(notices).to eql(['success'])
          expect(debugs.any? { |m| m =~ /Hiera configuration recreated due to change of scope variables used in interpolation expressions/ }).to be_truthy
        end

        it 'does not include the lookups performed during stability check in explain output' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            var = { 'sub' => '_d' }
            scope['var'] = var
            expect(lookup_func.call(scope, 'y')).to eql('value y from x_d')

            # Second call triggers the check
            expect(lookup_func.call(scope, 'y')).to eql('value y from x_d')
          end
          expect(notices).to eql(['success'])
          expect(debugs.any? { |m| m =~ /Sub key: "sub"/ }).to be_falsey
        end
      end

      context 'using global variable reference' do
        let(:data_path) { 'x%{::var.sub}.yaml' }

        it 'reloads the configuration if interpolated that was previously undefined, gets defined' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            expect(lookup_func.call(scope, 'y')).to eql('value y from x')
            scope['var'] = { 'sub' => '_d' }
            expect(lookup_func.call(scope, 'y')).to eql('value y from x_d')
          end
          expect(notices).to eql(['success'])
          expect(debugs.any? { |m| m =~ /Hiera configuration recreated due to change of scope variables used in interpolation expressions/ }).to be_truthy
        end

        it 'does not reload the configuration if value changes locally' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            scope['var'] = { 'sub' => '_d' }
            expect(lookup_func.call(scope, 'y')).to eql('value y from x_d')
            nested_scope = scope.compiler.newscope(scope)
            nested_scope['var'] = { 'sub' => '_e' }
            expect(lookup_func.call(nested_scope, 'y')).to eql('value y from x_d')
          end
          expect(notices).to eql(['success'])
          expect(debugs.any? { |m| m =~ /Hiera configuration recreated due to change of scope variables used in interpolation expressions/ }).to be_falsey
        end
      end
    end

    context 'that uses reserved' do
       let(:environment_files) do
        { env_name => { 'hiera.yaml' => hiera_yaml } }
      end

      context 'option' do
       let(:hiera_yaml) { <<-YAML.unindent }
          version: 5
          hierarchy:
            - name: "Illegal"
              options:
                #{opt_spec}
              data_hash: yaml_data
          YAML

        context 'path' do
          let(:opt_spec) { 'path: data/foo.yaml' }

          it 'fails and reports the reserved option key' do
            expect { lookup('a') }.to raise_error do |e|
              expect(e.message).to match(/Option key 'path' used in hierarchy 'Illegal' is reserved by Puppet/)
            end
          end
        end

        context 'uri' do
          let(:opt_spec) { 'uri: file:///data/foo.yaml' }

          it 'fails and reports the reserved option key' do
            expect { lookup('a') }.to raise_error do |e|
              expect(e.message).to match(/Option key 'uri' used in hierarchy 'Illegal' is reserved by Puppet/)
            end
          end
        end
      end

      context 'default option' do
        let(:hiera_yaml) { <<-YAML.unindent }
          ---
          version: 5
          defaults:
              options:
                #{opt_spec}
          hierarchy:
            - name: "Illegal"
              data_hash: yaml_data
          YAML

        context 'path' do
          let(:opt_spec) { 'path: data/foo.yaml' }

          it 'fails and reports the reserved option key' do
            expect { lookup('a') }.to raise_error do |e|
              expect(e.message).to match(/Option key 'path' used in defaults is reserved by Puppet/)
            end
          end
        end

        context 'uri' do
          let(:opt_spec) { 'uri: file:///data/foo.yaml' }

          it 'fails and reports the reserved option key' do
            expect { lookup('a') }.to raise_error do |e|
              expect(e.message).to match(/Option key 'uri' used in defaults is reserved by Puppet/)
            end
          end
        end
      end
    end

    context 'with yaml data file' do
      let(:environment_files) do
        {
          env_name => {
            'hiera.yaml' => <<-YAML.unindent,
              ---
              version: 5
              YAML
            'data' => {
              'common.yaml' => common_yaml
            }
          }
        }
      end

      context 'that contains hash values with interpolated keys' do
        let(:common_yaml) do
          <<-YAML.unindent
          ---
          a:
              "%{key}": "the %{value}"
          b:  "Detail in %{lookup('a.a_key')}"
          YAML
        end

        it 'interpolates both key and value"' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            expect(lookup_func.call(scope, 'a')).to eql({'' => 'the '})
            scope['key'] = 'a_key'
            scope['value'] = 'interpolated value'
            expect(lookup_func.call(scope, 'a')).to eql({'a_key' => 'the interpolated value'})
          end
          expect(notices).to eql(['success'])
        end

        it 'navigates to a value behind an interpolated key"' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            scope['key'] = 'a_key'
            scope['value'] = 'interpolated value'
            expect(lookup_func.call(scope, 'a.a_key')).to eql('the interpolated value')
          end
          expect(notices).to eql(['success'])
        end

        it 'navigates to a value behind an interpolated key using an interpolated value"' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            scope['key'] = 'a_key'
            scope['value'] = 'interpolated value'
            expect(lookup_func.call(scope, 'b')).to eql('Detail in the interpolated value')
          end
          expect(notices).to eql(['success'])
        end
      end

      context 'that is empty' do
        let(:common_yaml) { '' }

        it 'fails with a "did not find"' do
          expect { lookup('a') }.to raise_error do |e|
            expect(e.message).to match(/did not find a value for the name 'a'/)
          end
        end

        it 'logs a warning that the file does not contain a hash' do
          expect { lookup('a') }.to raise_error(Puppet::DataBinding::LookupError)
          expect(warnings).to include(/spec\/data\/common.yaml: file does not contain a valid yaml hash/)
        end
      end

      context 'that contains illegal yaml' do
        let(:common_yaml) { "@!#%**&:\n" }

        it 'fails lookup and that the key is not found' do
          expect { lookup('a') }.to raise_error do |e|
            expect(e.message).to match(/Unable to parse/)
          end
        end
      end

      context 'that contains a legal yaml that is not a hash' do
        let(:common_yaml) { "- A list\n- of things" }

        it 'fails with a "did not find"' do
          expect { lookup('a') }.to raise_error do |e|
            expect(e.message).to match(/did not find a value for the name 'a'/)
          end
        end

        it 'logs a warning that the file does not contain a hash' do
          expect { lookup('a') }.to raise_error(Puppet::DataBinding::LookupError)
          expect(warnings).to include(/spec\/data\/common.yaml: file does not contain a valid yaml hash/)
        end
      end

      context 'that contains a legal yaml hash with illegal types' do
        let(:common_yaml) do
          <<-YAML.unindent
          ---
          a: !ruby/object:Puppet::Graph::Key
              value: x
          YAML
        end

        it 'fails lookup and reports a type mismatch' do
          expect { lookup('a') }.to raise_error do |e|
            expect(e.message).to match(/key 'a'.*data_hash function 'yaml_data'.*using location.*wrong type, expects Puppet::LookupValue, got Runtime/)
          end
        end
      end

      context 'that contains illegal interpolations' do
        context 'in the form of an alias that is not the entire string' do
          let(:common_yaml) { <<-YAML.unindent }
            a: "%{alias('x')} and then some"
            x: value x
            YAML

          it 'fails lookup and reports a type mismatch' do
            expect { lookup('a') }.to raise_error("'alias' interpolation is only permitted if the expression is equal to the entire string")
          end
        end

        context 'in the form of an unknown function name' do
          let(:common_yaml) { <<-YAML.unindent }
            a: "%{what('x')}"
            x: value x
            YAML

          it 'fails lookup and reports a type mismatch' do
            expect { lookup('a') }.to raise_error("Unknown interpolation method 'what'")
          end
        end
      end

      context 'that contains an array with duplicates' do
        let(:common_yaml) { <<-YAML.unindent }
          a:
           - alpha
           - bravo
           - charlie
           - bravo
          YAML

        it 'retains the duplicates when using default merge strategy' do
          expect(lookup('a')).to eql(%w(alpha bravo charlie bravo))
        end

        it 'does deduplification when using merge strategy "unique"' do
          expect(lookup('a', :merge => 'unique')).to eql(%w(alpha bravo charlie))
        end
      end
    end

    context 'with lookup_options configured using patterns' do
      let(:mod_common) {
        <<-YAML.unindent
          mod::hash_a:
            aa:
              aaa: aaa (from module)
            ab:
              aba: aba (from module)
          mod::hash_b:
            ba:
              baa: baa (from module)
            bb:
              bba: bba (from module)
          lookup_options:
            '^mod::ha.*_a':
              merge: deep
            '^mod::ha.*_b':
              merge: deep
        YAML
      }

      let(:mod_base) do
        {
          'hiera.yaml' => <<-YAML.unindent,
            version: 5
            YAML
          'data' => {
            'common.yaml' => mod_common
          }
        }
      end

      let(:env_modules) do
        {
          'mod' => mod_base
        }
      end

      let(:env_hiera_yaml) do
        <<-YAML.unindent
          ---
          version: 5
          hierarchy:
            - name: X
              paths:
              - first.yaml
              - second.yaml
          YAML
      end

      let(:env_lookup_options) { <<-YAML.unindent }
        lookup_options:
          b:
            merge: hash
          '^[^b]$':
             merge: deep
          '^c':
             merge: first
          '^b':
             merge: first
          '^mod::ha.*_b':
            merge: hash
        YAML

      let(:env_data) do
        {
          'first.yaml' => <<-YAML.unindent + env_lookup_options,
            a:
              aa:
                aaa: a.aa.aaa
            b:
              ba:
                baa: b.ba.baa
              bb:
                bba: b.bb.bba
            c:
              ca:
                caa: c.ca.caa
            mod::hash_a:
              aa:
                aab: aab (from environment)
              ab:
                aba: aba (from environment)
                abb: abb (from environment)
            mod::hash_b:
              ba:
                bab: bab (from environment)
              bc:
                bca: bca (from environment)
            sa:
              sa1: ['e', 'd', '--f']
            YAML
          'second.yaml' => <<-YAML.unindent,
            a:
              aa:
                aab: a.aa.aab
            b:
              ba:
                bab: b.ba.bab
              bb:
                bbb: b.bb.bbb
            c:
              ca:
                cab: c.ca.cab
            sa:
              sa1: ['b', 'a', 'f', 'c']
            YAML
        }
      end

      it 'finds lookup_options that matches a pattern' do
        expect(lookup('a')).to eql({'aa' => { 'aaa' => 'a.aa.aaa', 'aab' => 'a.aa.aab' }})
      end

      it 'gives a direct key match higher priority than a matching pattern' do
        expect(lookup('b')).to eql({'ba' => { 'baa' => 'b.ba.baa' }, 'bb' => { 'bba'=>'b.bb.bba' }})
      end

      it 'uses the first matching pattern' do
        expect(lookup('c')).to eql({'ca' => { 'caa' => 'c.ca.caa', 'cab' => 'c.ca.cab' }})
      end

      it 'uses lookup_option found by pattern from module' do
        expect(lookup('mod::hash_a')).to eql({
          'aa' => {
            'aaa' => 'aaa (from module)',
            'aab' => 'aab (from environment)'
          },
          'ab' => {
            'aba' => 'aba (from environment)',
            'abb' => 'abb (from environment)'
          }
        })
      end

      it 'merges lookup_options found by pattern in environment and module (environment wins)' do
        expect(lookup('mod::hash_b')).to eql({
          'ba' => {
            'bab' => 'bab (from environment)'
          },
          'bb' => {
            'bba' => 'bba (from module)'
          },
          'bc' => {
            'bca' => 'bca (from environment)'
          }
        })
      end

      context 'and patterns in module are not limited to module keys' do
        let(:mod_common) {
          <<-YAML.unindent
          mod::hash_a:
            aa:
              aaa: aaa (from module)
            ab:
              aba: aba (from module)
          lookup_options:
            '^.*_a':
              merge: deep
          YAML
        }

        it 'fails with error' do
          expect { lookup('mod::a') }.to raise_error(Puppet::DataBinding::LookupError, /all lookup_options patterns must match a key starting with module name/)
        end
      end

      context 'and there are no lookup options that do not use patterns' do

        let(:env_lookup_options) { <<-YAML.unindent }
          lookup_options:
            '^[^b]$':
              merge: deep
            '^c':
              merge: first
            '^b':
              merge: first
            '^mod::ha.*_b':
              merge: hash
          YAML

        it 'finds lookup_options that matches a pattern' do
          expect(lookup('a')).to eql({'aa' => { 'aaa' => 'a.aa.aaa', 'aab' => 'a.aa.aab' }})
        end
      end

      context 'and lookup options use a hash' do

        let(:env_lookup_options) { <<-YAML.unindent }
          lookup_options:
            'sa':
              merge:
                strategy: deep
                knockout_prefix: --
                sort_merged_arrays: true
        YAML

        it 'applies knockout_prefix and sort_merged_arrays' do
          expect(lookup('sa')).to eql({ 'sa1' => %w(a b c d e) })
        end

        it 'overrides knockout_prefix and sort_merged_arrays with explicitly given values' do
          expect(
            lookup('sa', 'merge' => { 'strategy' => 'deep', 'knockout_prefix' => '##', 'sort_merged_arrays' => false })).to(
              eql({ 'sa1' => %w(b a f c e d --f) }))
        end
      end
    end

    context 'and an environment Hiera v5 configuration using globs' do
      let(:env_hiera_yaml) do
        <<-YAML.unindent
        ---
        version: 5
        hierarchy:
          - name: Globs
            globs:
              - "globs/*.yaml"
              - "globs_%{domain}/*.yaml"
        YAML
      end

      let(:env_data) do
        {
          'globs' => {
            'a.yaml' => <<-YAML.unindent,
              glob_a: value glob_a
              YAML
            'b.yaml' => <<-YAML.unindent
              glob_b:
                a: value glob_b.a
                b: value glob_b.b
            YAML
          },
          'globs_example.com' => {
            'a.yaml' => <<-YAML.unindent,
              glob_c: value glob_a
              YAML
            'b.yaml' => <<-YAML.unindent
              glob_b:
                c: value glob_b.c
                d: value glob_b.d
            YAML

          }
        }
      end
    end

    context 'and an environment Hiera v5 configuration using mapped_paths' do
      let(:scope_additions) do
        {
          'mapped' =>  {
            'array_var' => ['a', 'b', 'c'],
            'hash_var' => { 'x' => 'a', 'y' => 'b', 'z' => 'c' },
            'string_var' => 's' },
          'var' => 'global_var' # overridden by mapped path variable
        }
      end

      let(:env_hiera_yaml) do
        <<-YAML.unindent
        ---
        version: 5
        hierarchy:
          - name: Mapped Paths
            mapped_paths: #{mapped_paths}
          - name: Global Path
            path: "%{var}.yaml"
        YAML
      end

      let(:environment_files) do
        {
          env_name => {
            'hiera.yaml' => env_hiera_yaml,
            'data' => env_data
          }
        }
      end

      context 'that originates from an array' do
        let (:mapped_paths) { '[mapped.array_var, var, "paths/%{var}.yaml"]' }

        let(:env_data) do
          {
            'paths' => {
              'a.yaml' => <<-YAML.unindent,
                path_a: value path_a
                path_h:
                  a: value path_h.a
                  c: value path_h.c
                YAML
              'b.yaml' => <<-YAML.unindent,
                path_h:
                  b: value path_h.b
                  d: value path_h.d
                YAML
              'd.yaml' => <<-YAML.unindent
                path_h:
                  b: value path_h.b (from d.yaml)
                  d: value path_h.d (from d.yaml)
                YAML
            },
            'global_var.yaml' => <<-YAML.unindent,
              path_h:
                e: value path_h.e
              YAML
            'other_var.yaml' => <<-YAML.unindent
              path_h:
                e: value path_h.e (from other_var.yaml)
              YAML
          }
        end

        it 'finds environment data using mapped_paths' do
          expect(lookup('path_a')).to eql('value path_a')
          expect(warnings).to be_empty
        end

        it 'includes mapped path in explain output' do
          explanation = explain('path_h', 'merge' => 'deep')
          ['a', 'b', 'c'].each do |var|
            expect(explanation).to match(/^\s+Path "#{env_dir}\/spec\/data\/paths\/#{var}\.yaml"\n\s+Original path: "paths\/%\{var\}\.yaml"/)
          end
          expect(warnings).to be_empty
        end

        it 'performs merges between mapped paths and global path interpolated using same key' do
          expect(lookup('path_h', 'merge' => 'hash')).to eql(
            {
              'a' => 'value path_h.a',
              'b' => 'value path_h.b',
              'c' => 'value path_h.c',
              'd' => 'value path_h.d',
              'e' => 'value path_h.e'
            })
          expect(warnings).to be_empty
        end

        it 'keeps track of changes in key overridden by interpolated key' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            expect(lookup_func.call(scope, 'path_h', 'merge' => 'hash')).to eql(
              {
                'a' => 'value path_h.a',
                'b' => 'value path_h.b',
                'c' => 'value path_h.c',
                'd' => 'value path_h.d',
                'e' => 'value path_h.e'
              })
            scope.with_local_scope('var' => 'other_var') do
              expect(lookup_func.call(scope, 'path_h', 'merge' => 'hash')).to eql(
                {
                  'a' => 'value path_h.a',
                  'b' => 'value path_h.b',
                  'c' => 'value path_h.c',
                  'd' => 'value path_h.d',
                  'e' => 'value path_h.e (from other_var.yaml)'
                })
            end
          end
          expect(notices).to eql(['success'])
          expect(debugs.any? { |m| m =~ /Hiera configuration recreated due to change of scope variables used in interpolation expressions/ }).to be_truthy
        end

        it 'keeps track of changes in elements of mapped key' do
          Puppet[:log_level] = 'debug'
          collect_notices("notice('success')") do |scope|
            expect(lookup_func.call(scope, 'path_h', 'merge' => 'hash')).to eql(
              {
                'a' => 'value path_h.a',
                'b' => 'value path_h.b',
                'c' => 'value path_h.c',
                'd' => 'value path_h.d',
                'e' => 'value path_h.e'
              })
            scope['mapped']['array_var'] = ['a', 'c', 'd']
            expect(lookup_func.call(scope, 'path_h', 'merge' => 'hash')).to eql(
              {
                'a' => 'value path_h.a',
                'b' => 'value path_h.b (from d.yaml)',
                'c' => 'value path_h.c',
                'd' => 'value path_h.d (from d.yaml)',
                'e' => 'value path_h.e'
              })
          end
          expect(notices).to eql(['success'])
          expect(debugs.any? { |m| m =~ /Hiera configuration recreated due to change of scope variables used in interpolation expressions/ }).to be_truthy
        end
      end

      context 'that originates from a hash' do
        let (:mapped_paths) { '[mapped.hash_var, var, "paths/%{var.0}.%{var.1}.yaml"]' }

        let(:env_data) do
          {
            'paths' => {
              'x.a.yaml' => <<-YAML.unindent,
                path_xa: value path_xa
                path_m:
                  a: value path_m.a
                  c: value path_m.c
                YAML
              'y.b.yaml' => <<-YAML.unindent
                path_m:
                  b: value path_m.b
                  d: value path_m.d
                YAML
            },
            'global_var.yaml' => <<-YAML.unindent
              path_m:
                e: value path_m.e
              YAML
          }
        end

        it 'finds environment data using mapped_paths' do
          expect(lookup('path_xa')).to eql('value path_xa')
          expect(warnings).to be_empty
        end

        it 'includes mapped path in explain output' do
          explanation = explain('path_h', 'merge' => 'deep')
          ['x\.a', 'y\.b', 'z\.c'].each do |var|
            expect(explanation).to match(/^\s+Path "#{env_dir}\/spec\/data\/paths\/#{var}\.yaml"\n\s+Original path: "paths\/%\{var\.0\}\.%\{var\.1\}\.yaml"/)
          end
          expect(warnings).to be_empty
        end

        it 'performs merges between mapped paths' do
          expect(lookup('path_m', 'merge' => 'hash')).to eql(
            {
              'a' => 'value path_m.a',
              'b' => 'value path_m.b',
              'c' => 'value path_m.c',
              'd' => 'value path_m.d',
              'e' => 'value path_m.e'
            })
          expect(warnings).to be_empty
        end
      end

      context 'that originates from a string' do
        let (:mapped_paths) { '[mapped.string_var, var, "paths/%{var}.yaml"]' }

        let(:env_data) do
          {
            'paths' => {
              's.yaml' => <<-YAML.unindent,
                path_s: value path_s
                YAML
            }
          }
        end

        it 'includes mapped path in explain output' do
          expect(explain('path_s')).to match(/^\s+Path "#{env_dir}\/spec\/data\/paths\/s\.yaml"\n\s+Original path: "paths\/%\{var\}\.yaml"/)
          expect(warnings).to be_empty
        end

        it 'finds environment data using mapped_paths' do
          expect(lookup('path_s')).to eql('value path_s')
          expect(warnings).to be_empty
        end
      end

      context 'where the enty does not exist' do
        let (:mapped_paths) { '[mapped.nosuch_var, var, "paths/%{var}.yaml"]' }

        it 'finds environment data using mapped_paths' do
          expect(explain('hello')).to match(/No such key: "hello"/)
          expect(warnings).to be_empty
        end
      end
    end

    context 'and an environment Hiera v3 configuration' do
      let(:env_hiera_yaml) do
        <<-YAML.unindent
          ---
          :backends: yaml
          :yaml:
            :datadir:  #{env_dir}/#{env_name}/hieradata
          YAML
      end

      let(:environment_files) do
        {
          env_name => {
            'hiera.yaml' => env_hiera_yaml,
            'hieradata' => {
              'common.yaml' => <<-YAML.unindent,
                g: Value g
                YAML
            }
          }
        }
      end

      it 'will raise an error if --strict is set to error' do
        Puppet[:strict] = :error
        expect { lookup('g') }.to raise_error(Puppet::Error, /hiera.yaml version 3 cannot be used in an environment/)
      end

      it 'will log a warning and ignore the file if --strict is set to warning' do
        Puppet[:strict] = :warning
        expect { lookup('g') }.to raise_error(Puppet::Error, /did not find a value for the name 'g'/)
      end

      it 'will not log a warning and ignore the file if --strict is set to off' do
        Puppet[:strict] = :off
        expect { lookup('g') }.to raise_error(Puppet::Error, /did not find a value for the name 'g'/)
        expect(warnings).to include(/hiera.yaml version 3 found at the environment root was ignored/)
      end

      it 'will use the configuration if appointed by global setting but still warn when encountered by environment data provider' do
        Puppet[:strict] = :warning
        Puppet.settings[:hiera_config] = File.join(env_dir, env_name, 'hiera.yaml')
        expect(lookup('g')).to eql('Value g')
        expect(warnings).to include(/hiera.yaml version 3 found at the environment root was ignored/)
      end
    end

    context 'and a global empty Hiera configuration' do
      let(:hiera_yaml_path) { File.join(code_dir, 'hiera.yaml') }
      let(:code_dir_files) do
        {
          'hiera.yaml' => '',
        }
      end

      let(:environment_files) do
        {
          env_name => {
            'hieradata' => {
              'common.yaml' =>  <<-YAML.unindent,
                x: value x (from environment)
                YAML
            }
          }
        }
      end

      before(:each) do
        # Need to set here since spec_helper defines these settings in its "before each"
        Puppet.settings[:hiera_config] = hiera_yaml_path
      end

      it 'uses a Hiera version 3 defaults' do
        expect(lookup('x')).to eql('value x (from environment)')
      end

      context 'obtained using /dev/null', :unless => Puppet.features.microsoft_windows? do
        let(:code_dir_files) { {} }

        it 'uses a Hiera version 3 defaults' do
          Puppet[:hiera_config] = '/dev/null'
          expect(lookup('x')).to eql('value x (from environment)')
        end
      end
    end

    context 'and a global configuration' do
      let(:hiera_yaml) do
        <<-YAML.unindent
        ---
        :backends:
          - yaml
          - json
          - custom
          - hocon
        :yaml:
          :datadir: #{code_dir}/hieradata
        :json:
          :datadir: #{code_dir}/hieradata
        :hocon:
          :datadir: #{code_dir}/hieradata
        :hierarchy:
          - common
          - "%{domain}"
        :merge_behavior: deeper
        YAML
      end

      let(:code_dir_files) do
        {
          'hiera.yaml' => hiera_yaml,
          'hieradata' => {
            'common.yaml' =>  <<-YAML.unindent,
              a: value a (from global)
              hash_b:
                hash_ba:
                  bab: value hash_b.hash_ba.bab (from global)
              hash_c:
                hash_ca:
                  cab: value hash_c.hash_ca.cab (from global)
              ipl_hiera_env: "environment value '%{hiera('mod_a::hash_a.a')}'"
              ipl_hiera_mod: "module value '%{hiera('mod_a::abc')}'"
              ipl_hiera_modc: "module value '%{hiera('mod_a::caller')}'"
              YAML
            'example.com.yaml' =>  <<-YAML.unindent,
              x: value x (from global example.com.yaml)
              YAML
            'common.json' =>  <<-JSON.unindent,
              {
                "hash_b": {
                  "hash_ba": {
                    "bac": "value hash_b.hash_ba.bac (from global json)"
                  }
                },
                "hash_c": {
                  "hash_ca": {
                    "cac": "value hash_c.hash_ca.cac (from global json)"
                  }
                }
              }
              JSON
            'common.conf' =>  <<-HOCON.unindent,
              // The 'xs' is a value used for testing
              xs = { subkey = value xs.subkey (from global hocon) }
              HOCON
          }
        }
      end

      let(:ruby_dir_files) do
        {
          'hiera' => {
            'backend' => {
              'custom_backend.rb' => <<-RUBY.unindent,
            class Hiera::Backend::Custom_backend
              def lookup(key, scope, order_override, resolution_type, context)
                case key
                when 'hash_c'
                  { 'hash_ca' => { 'cad' => 'value hash_c.hash_ca.cad (from global custom)' }}
                when 'hash'
                  { 'array' => [ 'x5,x6' ] }
                when 'array'
                  [ 'x5,x6' ]
                when 'datasources'
                  Hiera::Backend.datasources(scope, order_override) { |source| source }
                when 'dotted.key'
                  'custom backend received request for dotted.key value'
                else
                  throw :no_such_key
                end
              end
            end
            RUBY
            'other_backend.rb' => <<-RUBY.unindent,
            class Hiera::Backend::Other_backend
              def lookup(key, scope, order_override, resolution_type, context)
                value = Hiera::Config[:other][key.to_sym]
                throw :no_such_key if value.nil?
                value
              end
            end
            RUBY
            }
          }
        }
      end

      before(:each) do
        # Need to set here since spec_helper defines these settings in its "before each"
        Puppet.settings[:codedir] = populated_code_dir
        Puppet.settings[:hiera_config] = File.join(code_dir, 'hiera.yaml')
      end

      around(:each) do |example|
        # Faking the load path to enable 'require' to load from 'ruby_stuff'. It removes the need for a static fixture
        # for the custom backend
        $LOAD_PATH.unshift(populated_ruby_dir)
        begin
          Puppet.override(:environments => environments, :current_environment => env) do
            example.run
          end
        ensure
          if Kernel.const_defined?(:Hiera) && Hiera.const_defined?(:Backend)
            Hiera::Backend.send(:remove_const, :Custom_backend) if Hiera::Backend.const_defined?(:Custom_backend)
            Hiera::Backend.send(:remove_const, :Other_backend) if Hiera::Backend.const_defined?(:Other_backend)
          end
          $LOAD_PATH.shift
        end
      end

      context 'version 3' do
        it 'finds data in in global layer and reports deprecation warnings for hiera.yaml' do
          expect(lookup('a')).to eql('value a (from global)')
          expect(warnings).to include(/Use of 'hiera.yaml' version 3 is deprecated. It should be converted to version 5/)
        end

        it 'explain contains output from global layer' do
          explanation = explain('a')
          expect(explanation).to include('Global Data Provider (hiera configuration version 3)')
          expect(explanation).to include('Hierarchy entry "yaml"')
          expect(explanation).to include('Hierarchy entry "json"')
          expect(explanation).to include('Found key: "a" value: "value a (from global)"')
        end

        it 'ignores merge behavior specified in global hiera.yaml' do
          expect(lookup('hash_b')).to eql(
            { 'hash_ba' => { 'bab' => 'value hash_b.hash_ba.bab (from global)'} })
        end

        it 'uses the merge from lookup options to merge all layers' do
          expect(lookup('hash_c')).to eql(
            { 'hash_ca' => { 'cab' => 'value hash_c.hash_ca.cab (from global)' } })
        end

        it 'uses the explicitly given merge to override lookup options and to merge all layers' do
          expect(lookup('hash_c', 'merge' => 'deep')).to eql(
            {
              'hash_ca' =>
              {
                'caa' => 'value hash_c.hash_ca.caa (from environment)',
                'cab' => 'value hash_c.hash_ca.cab (from global)',
                'cac' => 'value hash_c.hash_ca.cac (from global json)',
                'cad' => 'value hash_c.hash_ca.cad (from global custom)'
              }
            })
        end

        it 'paths are interpolated' do
          expect(lookup('x')).to eql('value x (from global example.com.yaml)')
        end

        it 'backend data sources are propagated to custom backend' do
          expect(lookup('datasources')).to eql(['common', 'example.com'])
        end

        it 'delegates configured hocon backend to hocon_data function' do
          expect(explain('xs')).to match(/Hierarchy entry "hocon"\n.*\n.*\n.*"common"\n\s*Found key: "xs"/m)
        end

        it 'can dig down into subkeys provided by hocon_data function' do
          expect(lookup('xs.subkey')).to eql('value xs.subkey (from global hocon)')
        end

        context 'with a module data provider' do
          let(:module_files) do
            {
              'mod_a' => {
                'hiera.yaml' => <<-YAML.unindent,
                  version: 5
                  hierarchy:
                    - name: Common
                      path: common.yaml
                  YAML
                'data' => {
                  'common.yaml' =>  <<-YAML.unindent
                    mod_a::abc: value mod_a::abc (from module)
                    mod_a::caller: "calling module is %{calling_module}"
                  YAML
                }
              }
            }
          end

          let(:environment_files) do
            {
              env_name => {
                'hiera.yaml' => env_hiera_yaml,
                'data' => env_data,
                'modules' => module_files
              }
            }
          end

          it "interpolation function 'hiera' finds values in environment" do
            expect(lookup('ipl_hiera_env')).to eql("environment value 'value mod_a::hash_a.a (from environment)'")
          end

          it "interpolation function 'hiera' finds values in module" do
            expect(lookup('ipl_hiera_mod')).to eql("module value 'value mod_a::abc (from module)'")
          end

          it "interpolation function 'hiera' finds values in module and that module does not find %{calling_module}" do
            expect(lookup('ipl_hiera_modc')).to eql("module value 'calling module is '")
          end

          context 'but no environment data provider' do
            let(:environment_files) do
              {
                env_name => {
                  'modules' => module_files
                }
              }
            end

            it "interpolation function 'hiera' does not find values in a module" do
              expect(lookup('ipl_hiera_mod')).to eql("module value ''")
            end
          end
        end


        context 'using an eyaml backend' do
          let(:private_key_name) { 'private_key.pkcs7.pem' }
          let(:public_key_name) { 'public_key.pkcs7.pem' }

          let(:private_key) do
            <<-PKCS7.unindent
              -----BEGIN RSA PRIVATE KEY-----
              MIIEogIBAAKCAQEAwHB3GvImq59em4LV9DMfP0Zjs21eW3Jd5I9fuY0jLJhIkH6f
              CR7tyOpYV6xUj+TF8giq9WLxZI7sourMJMWjEWhVjgUr5lqp1RLv4lwfDv3Wk4XC
              2LUuqj1IAErUXKeRz8i3lUSZW1Pf4CaMpnIiPdWbz6f0KkaJSFi9bqexONBx4fKQ
              NlgZwm2/aYjjrYng788I0QhWDKUqsQOi5mZKlHNRsDlk7J3Afhsx/jTLrCX/G8+2
              tPtLsHyRN39kluM5vYHbKXDsCG/a88Z2yUE2+r4Clp0FUKffiEDBPm0/H0sQ4Q1o
              EfQFDQRKaIkhpsm0nOnLYTy3/xJc5uqDNkLiawIDAQABAoIBAE98pNXOe8ab93oI
              mtNZYmjCbGAqprTjEoFb71A3SfYbmK2Gf65GxjUdBwx/tBYTiuekSOk+yzKcDoZk
              sZnmwKpqDByzaiSmAkxunANFxdZtZvpcX9UfUX0j/t+QCROUa5gF8j6HrUiZ5nkx
              sxr1PcuItekaGLJ1nDLz5JsWTQ+H4M+GXQw7/t96x8v8g9el4exTiAHGk6Fv16kD
              017T02M9qTTmV3Ab/enDIBmKVD42Ta36K/wc4l1aoUQNiRbIGVh96Cgd1CFXLF3x
              CsaNbYT4SmRXaYqoj6MKq+QFEGxadFmJy48NoSd4joirIn2lUjHxJebw3lLbNLDR
              uvQnQ2ECgYEA/nD94wEMr6078uMv6nKxPpNGq7fihwSKf0G/PQDqrRmjUCewuW+k
              /iXMe1Y/y0PjFeNlSbUsUvKQ5xF7F/1AnpuPHIrn3cjGVLb71W+zen1m8SnhsW/f
              7dPgtcb4SCvfhmLgoov+P34YcNfGi6qgPUu6319IqoB3BIi7PvfEomkCgYEAwZ4+
              V0bMjFdDn2hnYzjTNcF2aUQ1jPvtuETizGwyCbbMLl9522lrjC2DrH41vvqX35ct
              CBJkhQFbtHM8Gnmozv0vxhI2jP+u14mzfePZsaXuYrEgWRj+BCsYUHodXryxnEWj
              yVrTNskab1B5jFm2SCJDmKcycBOYpRBLCMx6W7MCgYBA99z7/6KboOIzzKrJdGup
              jLV410UyMIikoccQ7pD9jhRTPS80yjsY4dHqlEVJw5XSWvPb9DTTITi6p44EvBep
              6BKMuTMnQELUEr0O7KypVCfa4FTOl8BX28f+4kU3OGykxc6R8qkC0VGwTohV1UWB
              ITsgGhZV4uOA9uDI3T8KMQKBgEnQY2HwmuDSD/TA39GDA3qV8+ez2lqSXRGIKZLX
              mMf9SaBQQ+uzKA4799wWDbVuYeIbB07xfCL83pJP8FUDlqi6+7Celu9wNp7zX1ua
              Nw8z/ErhzjxJe+Xo7A8aTwIkG+5A2m1UU/up9YsEeiJYvVaIwY58B42U2vfq20BS
              fD9jAoGAX2MscBzIsmN+U9R0ptL4SXcPiVnOl8mqvQWr1B4OLgxX7ghht5Fs956W
              bHipxOWMFCPJA/AhNB8q1DvYiD1viZbIALSCJVUkzs4AEFIjiPsCBKxerl7jF6Xp
              1WYSaCmfvoCVEpFNt8cKp4Gq+zEBYAV4Q6TkcD2lDtEW49MuN8A=
              -----END RSA PRIVATE KEY-----
              PKCS7
          end

          let(:public_key) do
            <<-PKCS7.unindent
              -----BEGIN CERTIFICATE-----
              MIIC2TCCAcGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAAMCAXDTE3MDExMzA5MTY1
              MloYDzIwNjcwMTAxMDkxNjUyWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
              CgKCAQEAwHB3GvImq59em4LV9DMfP0Zjs21eW3Jd5I9fuY0jLJhIkH6fCR7tyOpY
              V6xUj+TF8giq9WLxZI7sourMJMWjEWhVjgUr5lqp1RLv4lwfDv3Wk4XC2LUuqj1I
              AErUXKeRz8i3lUSZW1Pf4CaMpnIiPdWbz6f0KkaJSFi9bqexONBx4fKQNlgZwm2/
              aYjjrYng788I0QhWDKUqsQOi5mZKlHNRsDlk7J3Afhsx/jTLrCX/G8+2tPtLsHyR
              N39kluM5vYHbKXDsCG/a88Z2yUE2+r4Clp0FUKffiEDBPm0/H0sQ4Q1oEfQFDQRK
              aIkhpsm0nOnLYTy3/xJc5uqDNkLiawIDAQABo1wwWjAPBgNVHRMBAf8EBTADAQH/
              MB0GA1UdDgQWBBSejWrVnw7QaBjNFCHMNFi+doSOcTAoBgNVHSMEITAfgBSejWrV
              nw7QaBjNFCHMNFi+doSOcaEEpAIwAIIBATANBgkqhkiG9w0BAQUFAAOCAQEAAe85
              BQ1ydAHFqo0ib38VRPOwf5xPHGbYGhvQi4/sU6aTuR7pxaOJPYz05jLhS+utEmy1
              sknBq60G67yhQE7IHcfwrl1arirG2WmKGvAbjeYL2K1UiU0pVD3D+Klkv/pK6jIQ
              eOJRGb3qNUn0Sq9EoYIOXiGXQ641F0bZZ0+5H92kT1lmnF5oLfCb84ImD9T3snH6
              pIr5RKRx/0YmJIcv3WdpoPT903rOJiRIEgIj/hDk9QZTBpm222Ul5yQQ5pBywpSp
              xh0bmJKAQWhQm7QlybKfyaQmg5ot1jEzWAvD2I5FjHQxmAlchjb6RreaRhExj+JE
              5O117dMBdzDBjcNMOA==
              -----END CERTIFICATE-----
              PKCS7
          end

          let(:keys_dir) do
            keys = tmpdir('keys')
            dir_contained_in(keys, {
              private_key_name => private_key,
              public_key_name => public_key
            })
            keys
          end

          let(:private_key_path) { File.join(keys_dir, private_key_name) }
          let(:public_key_path) { File.join(keys_dir, public_key_name) }
          let(:hiera_yaml) do
            <<-YAML.unindent
            :backends:
              - eyaml
              - yaml
            :eyaml:
              :datadir: #{code_dir}/hieradata
              :pkcs7_private_key: #{private_key_path}
              :pkcs7_public_key: #{public_key_path}
            :yaml:
              :datadir: #{code_dir}/hieradata
            :hierarchy:
              - common
           YAML
          end

          let(:data_files) do
            {
              'common.yaml' => <<-YAML.unindent,
                b: value 'b' (from global)
                c:
                  c_a: value c_a (from global)
                YAML
              'common.eyaml' => <<-YAML.unindent
                a: >
                  ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
                  DQYJKoZIhvcNAQEBBQAEggEAH457bsfL8kYw9O50roE3dcE21nCnmPnQ2XSX
                  LYRJ2C78LarbfFonKz0gvDW7tyhsLWASFCFaiU8T1QPBd2b3hoQK8E4B2Ual
                  xga/K7r9y3OSgRomTm9tpTltC6re0Ubh3Dy71H61obwxEdNVTqjPe95+m2b8
                  6zWZVnzZzXXsTG1S17yJn1zaB/LXHbWNy4KyLLKCGAml+Gfl6ZMjmaplTmUA
                  QIC5rI8abzbPP3TDMmbLOGNkrmLqI+3uS8tSueTMoJmWaMF6c+H/cA7oRxmV
                  QCeEUVXjyFvCHcmbA+keS/RK9XF+vc07/XS4XkYSPs/I5hLQji1y9bkkGAs0
                  tehxQjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDHpA6Fcl/R16aIYcow
                  oiO4gDAvfFH6jLUwXkcYtagnwdmhkd9TQJtxNWcIwMpvmk036MqIoGwwhQdg
                  gV4beiCFtLU=]
                a_ref: "A reference to %{hiera('a')}"
                b_ref: "A reference to %{hiera('b')}"
                c_ref: "%{alias('c')}"
                YAML
            }
          end

          let(:code_dir_files) do
            {
              'hiera.yaml' => hiera_yaml,
              'hieradata' => data_files
            }
          end

          before(:each) do
            Puppet.settings[:hiera_config] = File.join(code_dir, 'hiera.yaml')
          end

          it 'finds data in the global layer' do
            expect(lookup('a')).to eql("Encrypted value 'a' (from global)")
          end

          it 'can use a hiera interpolation' do
            expect(lookup('a_ref')).to eql("A reference to Encrypted value 'a' (from global)")
          end

          it 'can use a hiera interpolation that refers back to yaml' do
            expect(lookup('b_ref')).to eql("A reference to value 'b' (from global)")
          end

          it 'can use a hiera interpolation that refers back to yaml, but only in global layer' do
            expect(lookup(['c', 'c_ref'], 'merge' => 'deep')).to eql([{'c_a' => 'value c_a (from global)', 'c_b' => 'value c_b (from environment)'}, { 'c_a' => 'value c_a (from global)' }])
          end

          it 'delegates configured eyaml backend to eyaml_lookup_key function' do
            expect(explain('a')).to match(/Hierarchy entry "eyaml"\n.*\n.*\n.*"common"\n\s*Found key: "a"/m)
          end
        end

        context 'using deep_merge_options' do
          let(:hiera_yaml) do
            <<-YAML.unindent
              ---
              :backends:
                - yaml
              :yaml:
                :datadir: #{code_dir}/hieradata
              :hierarchy:
                - common
                - other
              :merge_behavior: deeper
              :deep_merge_options:
                :unpack_arrays: ','
              YAML
          end

          let(:code_dir_files) do
            {
              'hiera.yaml' => hiera_yaml,
              'hieradata' => {
                'common.yaml' => <<-YAML.unindent,
                  hash:
                    array:
                      - x1,x2
                  array:
                    - x1,x2
                  str: a string
                  mixed:
                    x: hx
                    y: hy
                  YAML
                'other.yaml' => <<-YAML.unindent,
                  hash:
                    array:
                      - x3
                      - x4
                  array:
                    - x3
                    - x4
                  str: another string
                  mixed:
                    - h1
                    - h2
                  YAML
              }
            }
          end

          it 'ignores configured merge_behavior when looking up arrays' do
            expect(lookup('array')).to eql(['x1,x2'])
          end

          it 'ignores configured merge_behavior when merging arrays' do
            expect(lookup('array', 'merge' => 'unique')).to eql(['x1,x2', 'x3', 'x4'])
          end

          it 'ignores configured merge_behavior when looking up hashes' do
            expect(lookup('hash')).to eql({'array' => ['x1,x2']})
          end

          it 'ignores configured merge_behavior when merging hashes' do
            expect(lookup('hash', 'merge' => 'hash')).to eql({'array' => ['x1,x2']})
          end
        end

        context 'using relative datadir paths' do
          let(:hiera_yaml) do
            <<-YAML.unindent
          ---
          :backends:
            - yaml
          :yaml:
            :datadir: relative_data
          :hierarchy:
            - common
            YAML
          end

          let(:populated_code_dir) do
            dir_contained_in(code_dir, code_dir_files.merge({
              'fake_cwd' => {
                'relative_data' => {
                  'common.yaml' => <<-YAML.unindent
                    a: value a (from fake_cwd/relative_data/common.yaml)
                  YAML
                }
              }
            }))
            code_dir
          end

          around(:each) do |example|
            cwd = Dir.pwd
            Dir.chdir(File.join(code_dir, 'fake_cwd'))
            begin
              example.run
            ensure
              Dir.chdir(cwd)
            end
          end

          it 'finds data from data file beneath relative datadir' do
            expect(lookup('a')).to eql('value a (from fake_cwd/relative_data/common.yaml)')
          end
        end
      end

      context 'version 5' do
        let(:scope_additions) { { 'ipl_datadir' => 'hieradata' } }
        let(:hiera_yaml) do
          <<-YAML.unindent
          ---
          version: 5
          defaults:
            datadir: "%{ipl_datadir}"

          hierarchy:
            - name: Yaml
              data_hash: yaml_data
              paths:
                - common.yaml
                - "%{domain}.yaml"
            - name: Json
              data_hash: json_data
              paths:
                - common.json
                - "%{domain}.json"
            - name: Hocon
              data_hash: hocon_data
              paths:
                - common.conf
                - "%{domain}.conf"
            - name: Custom
              hiera3_backend: custom
              paths:
                - common.custom
                - "%{domain}.custom"
            - name: Other
              hiera3_backend: other
              options:
                other_option: value of other_option
              paths:
                - common.other
                - "%{domain}.other"
              YAML
        end

        it 'finds global data and reports no deprecation warnings' do
          expect(lookup('a')).to eql('value a (from global)')
          expect(warnings).to be_empty
        end

        it 'explain contains output from global layer' do
          explanation = explain('a')
          expect(explanation).to include('Global Data Provider (hiera configuration version 5)')
          expect(explanation).to include('Hierarchy entry "Yaml"')
          expect(explanation).to include('Hierarchy entry "Json"')
          expect(explanation).to include('Hierarchy entry "Hocon"')
          expect(explanation).to include('Hierarchy entry "Custom"')
          expect(explanation).to include('Found key: "a" value: "value a (from global)"')
        end

        it 'uses the explicitly given merge to override lookup options and to merge all layers' do
          expect(lookup('hash_c', 'merge' => 'deep')).to eql(
            {
              'hash_ca' =>
                {
                  'caa' => 'value hash_c.hash_ca.caa (from environment)',
                  'cab' => 'value hash_c.hash_ca.cab (from global)',
                  'cac' => 'value hash_c.hash_ca.cac (from global json)',
                  'cad' => 'value hash_c.hash_ca.cad (from global custom)'
                }
            })
        end

        it 'backend data sources are propagated to custom backend' do
          expect(lookup('datasources')).to eql(['common', 'example.com'])
        end

        it 'backend specific options are propagated to custom backend' do
          expect(lookup('other_option')).to eql('value of other_option')
        end

        it 'dotted keys are passed down to custom backend' do
          expect(lookup('dotted.key')).to eql('custom backend received request for dotted.key value')
        end

        it 'multiple hiera3_backend declarations can be used and are merged into the generated config' do
          expect(lookup(['datasources', 'other_option'])).to eql([['common', 'example.com'], 'value of other_option'])
          expect(Hiera::Config.instance_variable_get(:@config)).to eql(
            {
              :backends => ['custom', 'other'],
              :hierarchy => ['common', '%{domain}'],
              :custom => { :datadir => "#{code_dir}/hieradata" },
              :other => { :other_option => 'value of other_option', :datadir=>"#{code_dir}/hieradata" },
              :logger => 'puppet'
            })
        end

        it 'provides a sensible error message when the hocon library is not loaded' do
          Puppet.features.stubs(:hocon?).returns(false)

          expect { lookup('a') }.to raise_error do |e|
            expect(e.message).to match(/Lookup using Hocon data_hash function is not supported without hocon library/)
          end
        end

        context 'with missing path declaraion' do
          context 'and yaml_data function' do
            let(:hiera_yaml) { <<-YAML.unindent }
              version: 5
              hierarchy:
                - name: Yaml
                  data_hash: yaml_data
              YAML

            it 'fails and reports the missing path' do
              expect { lookup('a') }.to raise_error(/one of 'path', 'paths' 'glob', 'globs' or 'mapped_paths' must be declared in hiera.yaml when using this data_hash function/)
            end
          end

          context 'and json_data function' do
            let(:hiera_yaml) { <<-YAML.unindent }
              version: 5
              hierarchy:
                - name: Json
                  data_hash: json_data
              YAML

            it 'fails and reports the missing path' do
              expect { lookup('a') }.to raise_error(/one of 'path', 'paths' 'glob', 'globs' or 'mapped_paths' must be declared in hiera.yaml when using this data_hash function/)
            end
          end

          context 'and hocon_data function' do
            let(:hiera_yaml) { <<-YAML.unindent }
              version: 5
              hierarchy:
                - name: Hocon
                  data_hash: hocon_data
              YAML

            it 'fails and reports the missing path' do
              expect { lookup('a') }.to raise_error(/one of 'path', 'paths' 'glob', 'globs' or 'mapped_paths' must be declared in hiera.yaml when using this data_hash function/)
            end
          end

          context 'and eyaml_lookup_key function' do
            let(:hiera_yaml) { <<-YAML.unindent }
              version: 5
              hierarchy:
                - name: Yaml
                  lookup_key: eyaml_lookup_key
              YAML

            it 'fails and reports the missing path' do
              expect { lookup('a') }.to raise_error(/one of 'path', 'paths' 'glob', 'globs' or 'mapped_paths' must be declared in hiera.yaml when using this lookup_key function/)
            end
          end
        end
      end

      context 'with a hiera3_backend that has no paths' do
        let(:hiera_yaml) do
          <<-YAML.unindent
          ---
          version: 5
          hierarchy:
            - name: Custom
              hiera3_backend: custom
          YAML
        end

        it 'calls the backend' do
          expect(lookup('hash_c')).to eql(
            { 'hash_ca' => { 'cad' => 'value hash_c.hash_ca.cad (from global custom)' }})
        end
      end
    end

    context 'and a module' do
      let(:mod_a_files) { {} }

      let(:populated_env_dir) do
        dir_contained_in(env_dir, DeepMerge.deep_merge!(environment_files, env_name => { 'modules' => mod_a_files }))
        env_dir
      end

      context 'that has no lookup configured' do
        let(:mod_a_files) do
          {
            'mod_a' => {
              'data' => {
                'common.yaml' => <<-YAML.unindent
                ---
                mod_a::b: value mod_a::b (from mod_a)
              YAML
              }
            }
          }
        end

        it 'does not find data in the module' do
          expect { lookup('mod_a::b') }.to raise_error(Puppet::DataBinding::LookupError, /did not find a value for the name 'mod_a::b'/)
        end

        context 'with a Hiera v3 configuration' do
          let(:mod_a_files) do
            {
              'mod_a' => {
                'hiera.yaml' => <<-YAML.unindent
                  ---
                  :backends: yaml
                  YAML
              }
            }
          end

          it 'raises a warning' do
            expect(lookup('mod_a::a')).to eql('value mod_a::a (from environment)')
            expect(warnings).to include(/hiera.yaml version 3 found at module root was ignored/)
          end
        end

        context "but a metadata.json with 'module_data_provider=hiera'" do
          let(:mod_a_files_1) { DeepMerge.deep_merge!(mod_a_files, 'mod_a' => { 'metadata.json' => <<-JSON.unindent }) }
              {
                  "name": "example/mod_a",
                  "version": "0.0.2",
                  "source": "git@github.com/example/mod_a.git",
                  "dependencies": [],
                  "author": "Bob the Builder",
                  "license": "Apache-2.0",
                  "data_provider": "hiera"
              }
              JSON

          let(:populated_env_dir) do
            dir_contained_in(env_dir, DeepMerge.deep_merge!(environment_files, env_name => { 'modules' => mod_a_files_1 }))
            env_dir
          end

          it 'finds data in the module and reports deprecation warning for metadata.json' do
            expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
            expect(warnings).to include(/Defining "data_provider": "hiera" in metadata.json is deprecated. A 'hiera.yaml' file should be used instead/)
          end

          context 'and a hiera.yaml file' do
            let(:mod_a_files_2) { DeepMerge.deep_merge!(mod_a_files_1, 'mod_a' => { 'hiera.yaml' => <<-YAML.unindent }) }
            ---
            version: 4
            hierarchy:
              - name: common
                backend: yaml
            YAML

            let(:populated_env_dir) do
              dir_contained_in(env_dir, DeepMerge.deep_merge!(environment_files, env_name => { 'modules' => mod_a_files_2 }))
              env_dir
            end

            it 'finds data in the module and reports deprecation warnings for both metadata.json and hiera.yaml' do
              expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
              expect(warnings).to include(/Defining "data_provider": "hiera" in metadata.json is deprecated/)
              expect(warnings).to include(/Use of 'hiera.yaml' version 4 is deprecated. It should be converted to version 5/)
            end
          end
        end
      end

      context 'using deep merge and module values that aliases environment values' do
        let(:mod_a_files) do
          {
            'mod_a' => {
              'data' => {
                'common.yaml' => <<-YAML.unindent,
                  ---
                  mod_a::hash:
                    b: value b (from module)
                  lookup_options:
                    mod_a::hash:
                      merge: deep
                  YAML
              },
              'hiera.yaml' => <<-YAML.unindent,
                ---
                version: 5
                hierarchy:
                  - name: "Common"
                    path: "common.yaml"
                  - name: "Other"
                    path: "other.yaml"
                YAML
            }
          }
        end
        let(:env_data) do
          {
            'common.yaml' => <<-YAML.unindent
              a: value a (from environment)
              mod_a::hash:
                a: value mod_a::hash.a (from environment)
                c: '%{alias("a")}'
              YAML
          }
        end

        it 'continues with module lookup after alias is resolved in environment' do
          expect(lookup('mod_a::hash')).to eql(
            {
              'a' => 'value mod_a::hash.a (from environment)',
              'b' => 'value b (from module)',
              'c' => 'value a (from environment)'
            })
        end
      end

      context 'using a data_hash that reads a yaml file' do
        let(:defaults) {
          {
            'mod_a::xd' => 'value mod_a::xd (from default)',
            'mod_a::xd_found' => 'value mod_a::xd_found (from default)',
            'scope_xd' => 'value scope_xd (from default)'
          }}
        let(:overrides) {
          {
            'mod_a::xo' => 'value mod_a::xo (from override)',
            'scope_xo' => 'value scope_xo (from override)'
          }}

        let(:scope_additions) do
          {
            'scope_scalar' => 'scope scalar value',
            'scope_hash' => { 'a' => 'scope hash a', 'b' => 'scope hash b' }
          }
        end
        let(:mod_a_files) do
          {
            'mod_a' => {
              'data' => {
                'common.yaml' => <<-YAML.unindent
                ---
                mod_a::a: value mod_a::a (from mod_a)
                mod_a::b: value mod_a::b (from mod_a)
                mod_a::xo: value mod_a::xo (from mod_a)
                mod_a::xd_found: value mod_a::xd_found (from mod_a)
                mod_a::interpolate_xo: "-- %{lookup('mod_a::xo')} --"
                mod_a::interpolate_xd: "-- %{lookup('mod_a::xd')} --"
                mod_a::interpolate_scope_xo: "-- %{scope_xo} --"
                mod_a::interpolate_scope_xd: "-- %{scope_xd} --"
                mod_a::hash_a:
                  a: value mod_a::hash_a.a (from mod_a)
                  b: value mod_a::hash_a.b (from mod_a)
                mod_a::hash_b:
                  a: value mod_a::hash_b.a (from mod_a)
                  b: value mod_a::hash_b.b (from mod_a)
                mod_a::interpolated: "-- %{lookup('mod_a::a')} --"
                mod_a::a_a: "-- %{lookup('mod_a::hash_a.a')} --"
                mod_a::a_b: "-- %{lookup('mod_a::hash_a.b')} --"
                mod_a::b_a: "-- %{lookup('mod_a::hash_b.a')} --"
                mod_a::b_b: "-- %{lookup('mod_a::hash_b.b')} --"
                mod_a::interpolate_array:
                  - "-- %{lookup('mod_a::a')} --"
                  - "-- %{lookup('mod_a::b')} --"
                mod_a::interpolate_literal: "-- %{literal('hello')} --"
                mod_a::interpolate_scope: "-- %{scope_scalar} --"
                mod_a::interpolate_scope_not_found: "-- %{scope_nope} --"
                mod_a::interpolate_scope_dig: "-- %{scope_hash.a} --"
                mod_a::interpolate_scope_dig_not_found: "-- %{scope_hash.nope} --"
                mod_a::quoted_interpolation: '-- %{lookup(''"mod_a::a.quoted.key"'')} --'
                "mod_a::a.quoted.key": "value mod_a::a.quoted.key (from mod_a)"
              YAML
              },
              'hiera.yaml' => <<-YAML.unindent,
              ---
              version: 5
              hierarchy:
                - name: "Common"
                  data_hash: yaml_data
                  path: "common.yaml"
            YAML
            }
          }
        end

        it 'finds data in the module' do
          expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
        end

        it 'environment data has higher priority than module data' do
          expect(lookup('mod_a::a')).to eql('value mod_a::a (from environment)')
        end

        it 'environment data has higher priority than module data in interpolated module data' do
          expect(lookup('mod_a::interpolated')).to eql('-- value mod_a::a (from environment) --')
        end

        it 'overrides have higher priority than found data' do
          expect(lookup('mod_a::xo', { 'override' => overrides })).to eql('value mod_a::xo (from override)')
        end

        it 'overrides have higher priority than found data in lookup interpolations' do
          expect(lookup('mod_a::interpolate_xo', { 'override' => overrides })).to eql('-- value mod_a::xo (from override) --')
        end

        it 'overrides have higher priority than found data in scope interpolations' do
          expect(lookup('mod_a::interpolate_scope_xo', { 'override' => overrides })).to eql('-- value scope_xo (from override) --')
        end

        it 'defaults have lower priority than found data' do
          expect(lookup('mod_a::xd_found', { 'default_values_hash' => defaults })).to eql('value mod_a::xd_found (from mod_a)')
        end

        it 'defaults are used when data is not found' do
          expect(lookup('mod_a::xd', { 'default_values_hash' => defaults })).to eql('value mod_a::xd (from default)')
        end

        it 'defaults are used when data is not found in lookup interpolations' do
          expect(lookup('mod_a::interpolate_xd', { 'default_values_hash' => defaults })).to eql('-- value mod_a::xd (from default) --')
        end

        it 'defaults are used when data is not found in scope interpolations' do
          expect(lookup('mod_a::interpolate_scope_xd', { 'default_values_hash' => defaults })).to eql('-- value scope_xd (from default) --')
        end

        it 'merges hashes from environment and module unless strategy hash is used' do
          expect(lookup('mod_a::hash_a')).to eql({'a' => 'value mod_a::hash_a.a (from environment)'})
        end

        it 'merges hashes from environment and module when merge strategy hash is used' do
          expect(lookup('mod_a::hash_a', :merge => 'hash')).to eql(
            {'a' => 'value mod_a::hash_a.a (from environment)', 'b' => 'value mod_a::hash_a.b (from mod_a)'})
        end

        it 'will not merge hashes from environment and module in interpolated expressions' do
          expect(lookup(['mod_a::a_a', 'mod_a::a_b'])).to eql(
            ['-- value mod_a::hash_a.a (from environment) --', '--  --']) # root key found in environment, no hash merge is performed
        end

        it 'interpolates arrays' do
          expect(lookup('mod_a::interpolate_array')).to eql(['-- value mod_a::a (from environment) --', '-- value mod_a::b (from mod_a) --'])
        end

        it 'can dig into arrays using subkeys' do
          expect(lookup('mod_a::interpolate_array.1')).to eql('-- value mod_a::b (from mod_a) --')
        end

        it 'treats an out of range subkey as not found' do
          expect(explain('mod_a::interpolate_array.2')).to match(/No such key: "2"/)
        end

        it 'interpolates a literal' do
          expect(lookup('mod_a::interpolate_literal')).to eql('-- hello --')
        end

        it 'interpolates scalar from scope' do
          expect(lookup('mod_a::interpolate_scope')).to eql('-- scope scalar value --')
        end

        it 'interpolates not found in scope as empty string' do
          expect(lookup('mod_a::interpolate_scope_not_found')).to eql('--  --')
        end

        it 'interpolates dotted key from scope' do
          expect(lookup('mod_a::interpolate_scope_dig')).to eql('-- scope hash a --')
        end

        it 'treates interpolated dotted key but not found in scope as empty string' do
          expect(lookup('mod_a::interpolate_scope_dig_not_found')).to eql('--  --')
        end

        it 'can use quoted keys in interpolation' do
          expect(lookup('mod_a::quoted_interpolation')).to eql('-- value mod_a::a.quoted.key (from mod_a) --') # root key found in environment, no hash merge is performed
        end

        it 'merges hashes from environment and module in interpolated expressions if hash merge is specified in lookup options' do
          expect(lookup(['mod_a::b_a', 'mod_a::b_b'])).to eql(
            ['-- value mod_a::hash_b.a (from environment) --', '-- value mod_a::hash_b.b (from mod_a) --'])
        end
      end

      context 'using a lookup_key that uses a path' do
        let(:mod_a_files) do
          {
            'mod_a' => {
              'functions' => {
                'pp_lookup_key.pp' => <<-PUPPET.unindent
                  function mod_a::pp_lookup_key($key, $options, $context) {
                    if !$context.cache_has_key(undef) {
                      $context.cache_all(yaml_data($options, $context))
                      $context.cache(undef, true)
                    }
                    if $context.cache_has_key($key) { $context.cached_value($key) } else { $context.not_found }
                  }
                  PUPPET
              },
              'hiera.yaml' => <<-YAML.unindent,
                ---
                version: 5
                hierarchy:
                  - name: "Common"
                    lookup_key: mod_a::pp_lookup_key
                    path: common.yaml
                YAML
              'data' => {
                'common.yaml' => <<-YAML.unindent
                  mod_a::b: value mod_a::b (from mod_a)
                  YAML
              }
            }
          }
        end

        it 'finds data in the module' do
          expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
        end
      end

      context 'using a lookup_key that is a puppet function' do
        let(:puppet_function) { <<-PUPPET.unindent }
          function mod_a::pp_lookup_key(Puppet::LookupKey $key, Hash[String,String] $options, Puppet::LookupContext $context) >> Puppet::LookupValue {
            case $key {
              'mod_a::really_interpolated': { $context.interpolate("-- %{lookup('mod_a::a')} --") }
              'mod_a::recursive': { lookup($key) }
              default: {
                if $context.cache_has_key(mod_a::a) {
                  $context.explain || { 'reusing cache' }
                } else {
                  $context.explain || { 'initializing cache' }
                  $context.cache_all({
                    mod_a::a => 'value mod_a::a (from mod_a)',
                    mod_a::b => 'value mod_a::b (from mod_a)',
                    mod_a::c => 'value mod_a::c (from mod_a)',
                    mod_a::hash_a => {
                      a => 'value mod_a::hash_a.a (from mod_a)',
                      b => 'value mod_a::hash_a.b (from mod_a)'
                    },
                    mod_a::hash_b => {
                      a => 'value mod_a::hash_b.a (from mod_a)',
                      b => 'value mod_a::hash_b.b (from mod_a)'
                    },
                    mod_a::interpolated => "-- %{lookup('mod_a::a')} --",
                    mod_a::a_a => "-- %{lookup('mod_a::hash_a.a')} --",
                    mod_a::a_b => "-- %{lookup('mod_a::hash_a.b')} --",
                    mod_a::b_a => "-- %{lookup('mod_a::hash_b.a')} --",
                    mod_a::b_b => "-- %{lookup('mod_a::hash_b.b')} --",
                    'mod_a::a.quoted.key' => 'value mod_a::a.quoted.key (from mod_a)',
                    mod_a::sensitive => Sensitive('reduct me please'),
                    mod_a::type => Object[{name => 'FindMe', 'attributes' => {'x' => String}}],
                    mod_a::version => SemVer('3.4.1'),
                    mod_a::version_range => SemVerRange('>=3.4.1'),
                    mod_a::timestamp => Timestamp("1994-03-25T19:30:00"),
                    mod_a::timespan => Timespan("3-10:00:00")
                  })
                }
                if !$context.cache_has_key($key) {
                  $context.not_found
                }
                $context.explain || { "returning value for $key" }
                $context.cached_value($key)
              }
            }
          }
        PUPPET

        let(:mod_a_files) do
          {
            'mod_a' => {
              'functions' => {
                'pp_lookup_key.pp' => puppet_function
              },
              'hiera.yaml' => <<-YAML.unindent,
              ---
              version: 5
              hierarchy:
                - name: "Common"
                  lookup_key: mod_a::pp_lookup_key
            YAML
            }
          }
        end

        it 'finds data in the module' do
          expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
        end

        it 'environment data has higher priority than module data' do
          expect(lookup('mod_a::a')).to eql('value mod_a::a (from environment)')
        end

        it 'finds quoted keys in the module' do
          expect(lookup('"mod_a::a.quoted.key"')).to eql('value mod_a::a.quoted.key (from mod_a)')
        end

        it 'will not resolve interpolated expressions' do
          expect(lookup('mod_a::interpolated')).to eql("-- %{lookup('mod_a::a')} --")
        end

        it 'resolves interpolated expressions using Context#interpolate' do
          expect(lookup('mod_a::really_interpolated')).to eql("-- value mod_a::a (from environment) --")
        end

        it 'will not merge hashes from environment and module unless strategy hash is used' do
          expect(lookup('mod_a::hash_a')).to eql({ 'a' => 'value mod_a::hash_a.a (from environment)' })
        end

        it 'merges hashes from environment and module when merge strategy hash is used' do
          expect(lookup('mod_a::hash_a', :merge => 'hash')).to eql({ 'a' => 'value mod_a::hash_a.a (from environment)', 'b' => 'value mod_a::hash_a.b (from mod_a)' })
        end

        it 'traps recursive lookup trapped' do
          expect(explain('mod_a::recursive')).to include('Recursive lookup detected')
        end

        it 'private cache is persisted over multiple calls' do
          collect_notices("notice(lookup('mod_a::b')) notice(lookup('mod_a::c'))", true)
          expect(notices).to eql(['value mod_a::b (from mod_a)', 'value mod_a::c (from mod_a)'])
          expect(explanation).to match(/initializing cache.*reusing cache/m)
          expect(explanation).not_to match(/initializing cache.*initializing cache/m)
        end

        it 'the same key is requested only once' do
          collect_notices("notice(lookup('mod_a::b')) notice(lookup('mod_a::b'))", true)
          expect(notices).to eql(['value mod_a::b (from mod_a)', 'value mod_a::b (from mod_a)'])
          expect(explanation).to match(/Found key: "mod_a::b".*Found key: "mod_a::b"/m)
          expect(explanation).to match(/returning value for mod_a::b/m)
          expect(explanation).not_to match(/returning value for mod_a::b.*returning value for mod_a::b/m)
        end

        context 'and calling function via API' do
          it 'finds and delivers rich data' do
            collect_notices("notice('success')") do |scope|
              expect(lookup_func.call(scope, 'mod_a::sensitive')).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
              expect(lookup_func.call(scope, 'mod_a::type')).to be_a(Puppet::Pops::Types::PObjectType)
              expect(lookup_func.call(scope, 'mod_a::version')).to eql(SemanticPuppet::Version.parse('3.4.1'))
              expect(lookup_func.call(scope, 'mod_a::version_range')).to eql(SemanticPuppet::VersionRange.parse('>=3.4.1'))
              expect(lookup_func.call(scope, 'mod_a::timestamp')).to eql(Puppet::Pops::Time::Timestamp.parse('1994-03-25T19:30:00'))
              expect(lookup_func.call(scope, 'mod_a::timespan')).to eql(Puppet::Pops::Time::Timespan.parse('3-10:00:00'))
            end
            expect(notices).to eql(['success'])
          end
        end

        context 'with declared but incompatible return_type' do
          let(:puppet_function) { <<-PUPPET.unindent }
            function mod_a::pp_lookup_key(Puppet::LookupKey $key, Hash[String,String] $options, Puppet::LookupContext $context) >> Runtime['ruby','Symbol'] {
              undef
            }
            PUPPET

          it 'fails and reports error' do
            expect{lookup('mod_a::a')}.to raise_error(
              "Return type of 'lookup_key' function named 'mod_a::pp_lookup_key' is incorrect, expects a RichData value, got Runtime")
          end
        end
      end

      context 'using a data_dig that is a ruby function' do
        let(:mod_a_files) do
          {
            'mod_a' => {
              'lib' => {
                'puppet' => {
                  'functions' => {
                    'mod_a' => {
                      'ruby_dig.rb' => <<-RUBY.unindent
                      Puppet::Functions.create_function(:'mod_a::ruby_dig') do
                        dispatch :ruby_dig do
                          param 'Array[String[1]]', :segments
                          param 'Hash[String,Any]', :options
                          param 'Puppet::LookupContext', :context
                          return_type 'Puppet::LookupValue'
                        end

                        def ruby_dig(segments, options, context)
                          sub_segments = segments.dup
                          root_key = sub_segments.shift
                          case root_key
                          when 'mod_a::options'
                            hash = { 'mod_a::options' => options }
                          when 'mod_a::lookup'
                            return call_function('lookup', segments.join('.'))
                          else
                            hash = {
                              'mod_a::a' => 'value mod_a::a (from mod_a)',
                              'mod_a::b' => 'value mod_a::b (from mod_a)',
                              'mod_a::hash_a' => {
                                'a' => 'value mod_a::hash_a.a (from mod_a)',
                                'b' => 'value mod_a::hash_a.b (from mod_a)'
                              },
                              'mod_a::hash_b' => {
                                'a' => 'value mod_a::hash_b.a (from mod_a)',
                                'b' => 'value mod_a::hash_b.b (from mod_a)'
                              },
                              'mod_a::interpolated' => "-- %{lookup('mod_a::a')} --",
                              'mod_a::really_interpolated' => "-- %{lookup('mod_a::a')} --",
                              'mod_a::a_a' => "-- %{lookup('mod_a::hash_a.a')} --",
                              'mod_a::a_b' => "-- %{lookup('mod_a::hash_a.b')} --",
                              'mod_a::b_a' => "-- %{lookup('mod_a::hash_b.a')} --",
                              'mod_a::b_b' => "-- %{lookup('mod_a::hash_b.b')} --",
                              'mod_a::bad_type' => :oops,
                              'mod_a::bad_type_in_hash' => { 'a' => :oops },
                            }
                            end
                          context.not_found unless hash.include?(root_key)
                          value = sub_segments.reduce(hash[root_key]) do |memo, segment|
                            context.not_found unless memo.is_a?(Hash) && memo.include?(segment)
                            memo[segment]
                          end
                          root_key == 'mod_a::really_interpolated' ? context.interpolate(value) : value
                        end
                      end
                    RUBY
                    }
                  }
                }
              },
              'hiera.yaml' => <<-YAML.unindent,
              ---
              version: 5
              defaults:
                options:
                  option_b:
                    z: Default option value b.z

              hierarchy:
                - name: "Common"
                  data_dig: mod_a::ruby_dig
                  uri: "http://www.example.com/passed/as/option"
                  options:
                    option_a: Option value a
                    option_b:
                      x: Option value b.x
                      y: Option value b.y
                - name: "Extra"
                  data_dig: mod_a::ruby_dig
           YAML
            }
          }
        end

        it 'finds data in the module' do
          expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
        end

        it 'environment data has higher priority than module data' do
          expect(lookup('mod_a::a')).to eql('value mod_a::a (from environment)')
        end

        it 'will not resolve interpolated expressions' do
          expect(lookup('mod_a::interpolated')).to eql("-- %{lookup('mod_a::a')} --")
        end

        it 'resolves interpolated expressions using Context#interpolate' do
          expect(lookup('mod_a::really_interpolated')).to eql("-- value mod_a::a (from environment) --")
        end

        it 'does not accept return of runtime type from function' do
          # Message is produced by the called function, not by the lookup framework
          expect(explain('mod_a::bad_type')).to include("value returned from function 'ruby_dig' has wrong type")
        end

        it 'does not accept return of runtime type embedded in hash from function' do
          # Message is produced by the called function, not by the lookup framework
          expect(explain('mod_a::bad_type_in_hash')).to include("value returned from function 'ruby_dig' has wrong type")
        end

        it 'will not merge hashes from environment and module unless strategy hash is used' do
          expect(lookup('mod_a::hash_a')).to eql({'a' => 'value mod_a::hash_a.a (from environment)'})
        end

        it 'hierarchy entry options are passed to the function' do
          expect(lookup('mod_a::options.option_b.x')).to eql('Option value b.x')
        end

        it 'default options are passed to the function' do
          expect(lookup('mod_a::options.option_b.z')).to eql('Default option value b.z')
        end

        it 'default options are not merged with hierarchy options' do
          expect(lookup('mod_a::options')).to eql(
            {
              'option_a' => 'Option value a',
              'option_b' => {
                'y' => 'Option value b.y',
                'x' => 'Option value b.x'
              },
              'uri' => 'http://www.example.com/passed/as/option'
            })
        end

        it 'hierarchy entry "uri" is passed as location option to the function' do
          expect(lookup('mod_a::options.uri')).to eql('http://www.example.com/passed/as/option')
        end

        it 'recursive lookup is trapped' do
          expect(explain('mod_a::lookup.mod_a::lookup')).to include('Recursive lookup detected')
        end

        context 'with merge strategy hash' do
          it 'merges hashes from environment and module' do
            expect(lookup('mod_a::hash_a', :merge => 'hash')).to eql({'a' => 'value mod_a::hash_a.a (from environment)', 'b' => 'value mod_a::hash_a.b (from mod_a)'})
          end

          it 'will "undig" value from data_dig function, merge root hashes, and then dig to get values by subkey' do
            expect(lookup(['mod_a::hash_a.a', 'mod_a::hash_a.b'], :merge => 'hash')).to eql(
              ['value mod_a::hash_a.a (from environment)', 'value mod_a::hash_a.b (from mod_a)'])
          end
        end
      end

      context 'that has a default_hierarchy' do
        let(:mod_a_hiera_yaml) { <<-YAML.unindent }
          version: 5
          hierarchy:
            - name: "Common"
              path: common.yaml
            - name: "Common 2"
              path: common2.yaml

          default_hierarchy:
            - name: "Default"
              path: defaults.yaml
            - name: "Default 2"
              path: defaults2.yaml
          YAML

        let(:mod_a_common) { <<-YAML.unindent }
          mod_a::a: value mod_a::a (from module)
          mod_a::d:
            a: value mod_a::d.a (from module)
          mod_a::f:
            a:
              a: value mod_a::f.a.a (from module)
          lookup_options:
            mod_a::e:
              merge: deep
          YAML


        let(:mod_a_common2) { <<-YAML.unindent }
          mod_a::b: value mod_a::b (from module)
          mod_a::d:
            c: value mod_a::d.c (from module)
          mod_a::f:
            a:
              b: value mod_a::f.a.b (from module)
          YAML

        let(:mod_a_defaults) { <<-YAML.unindent }
          mod_a::a: value mod_a::a (from module defaults)
          mod_a::b: value mod_a::b (from module defaults)
          mod_a::c: value mod_a::c (from module defaults)
          mod_a::d:
            b: value mod_a::d.b (from module defaults)
          mod_a::e:
            a:
              a: value mod_a::e.a.a (from module defaults)
          mod_a::g:
            a:
              a: value mod_a::g.a.a (from module defaults)
          lookup_options:
            mod_a::d:
              merge: hash
            mod_a::g:
              merge: deep
          YAML

        let(:mod_a_defaults2) { <<-YAML.unindent }
          mod_a::e:
            a:
              b: value mod_a::e.a.b (from module defaults)
          mod_a::g:
            a:
              b: value mod_a::g.a.b (from module defaults)
          YAML

        let(:mod_a_files) do
          {
            'mod_a' => {
              'data' => {
                'common.yaml' => mod_a_common,
                'common2.yaml' => mod_a_common2,
                'defaults.yaml' => mod_a_defaults,
                'defaults2.yaml' => mod_a_defaults2
              },
              'hiera.yaml' => mod_a_hiera_yaml
            }
          }
        end

        it 'the default hierarchy does not interfere with environment hierarchy' do
          expect(lookup('mod_a::a')).to eql('value mod_a::a (from environment)')
        end

        it 'the default hierarchy does not interfere with regular hierarchy in module' do
          expect(lookup('mod_a::b')).to eql('value mod_a::b (from module)')
        end

        it 'the default hierarchy is consulted when no value is found elsewhere' do
          expect(lookup('mod_a::c')).to eql('value mod_a::c (from module defaults)')
        end

        it 'the default hierarchy does not participate in a merge' do
          expect(lookup('mod_a::d', 'merge' => 'hash')).to eql('a' => 'value mod_a::d.a (from module)', 'c' => 'value mod_a::d.c (from module)')
        end

        it 'lookup_options from regular hierarchy does not effect values found in the default hierarchy' do
          expect(lookup('mod_a::e')).to eql('a' => { 'a' => 'value mod_a::e.a.a (from module defaults)' })
        end

        it 'lookup_options from default hierarchy affects values found in the default hierarchy' do
          expect(lookup('mod_a::g')).to eql('a' => { 'a' => 'value mod_a::g.a.a (from module defaults)', 'b' => 'value mod_a::g.a.b (from module defaults)'})
        end

        it 'merge parameter does not override lookup_options defined in the default hierarchy' do
          expect(lookup('mod_a::g', 'merge' => 'hash')).to eql(
            'a' => { 'a' => 'value mod_a::g.a.a (from module defaults)', 'b' => 'value mod_a::g.a.b (from module defaults)'})
        end

        it 'lookup_options from default hierarchy does not effect values found in the regular hierarchy' do
          expect(lookup('mod_a::d')).to eql('a' => 'value mod_a::d.a (from module)')
        end

        it 'the default hierarchy lookup is included in the explain output' do
          explanation = explain('mod_a::c')
          expect(explanation).to match(/Searching default_hierarchy of module "mod_a".+Original path: "defaults.yaml"/m)
        end
      end
    end

    context 'and an eyaml lookup_key function' do
      let(:private_key_name) { 'private_key.pkcs7.pem' }
      let(:public_key_name) { 'public_key.pkcs7.pem' }

      let(:private_key) do
        <<-PKCS7.unindent
          -----BEGIN RSA PRIVATE KEY-----
          MIIEogIBAAKCAQEAwHB3GvImq59em4LV9DMfP0Zjs21eW3Jd5I9fuY0jLJhIkH6f
          CR7tyOpYV6xUj+TF8giq9WLxZI7sourMJMWjEWhVjgUr5lqp1RLv4lwfDv3Wk4XC
          2LUuqj1IAErUXKeRz8i3lUSZW1Pf4CaMpnIiPdWbz6f0KkaJSFi9bqexONBx4fKQ
          NlgZwm2/aYjjrYng788I0QhWDKUqsQOi5mZKlHNRsDlk7J3Afhsx/jTLrCX/G8+2
          tPtLsHyRN39kluM5vYHbKXDsCG/a88Z2yUE2+r4Clp0FUKffiEDBPm0/H0sQ4Q1o
          EfQFDQRKaIkhpsm0nOnLYTy3/xJc5uqDNkLiawIDAQABAoIBAE98pNXOe8ab93oI
          mtNZYmjCbGAqprTjEoFb71A3SfYbmK2Gf65GxjUdBwx/tBYTiuekSOk+yzKcDoZk
          sZnmwKpqDByzaiSmAkxunANFxdZtZvpcX9UfUX0j/t+QCROUa5gF8j6HrUiZ5nkx
          sxr1PcuItekaGLJ1nDLz5JsWTQ+H4M+GXQw7/t96x8v8g9el4exTiAHGk6Fv16kD
          017T02M9qTTmV3Ab/enDIBmKVD42Ta36K/wc4l1aoUQNiRbIGVh96Cgd1CFXLF3x
          CsaNbYT4SmRXaYqoj6MKq+QFEGxadFmJy48NoSd4joirIn2lUjHxJebw3lLbNLDR
          uvQnQ2ECgYEA/nD94wEMr6078uMv6nKxPpNGq7fihwSKf0G/PQDqrRmjUCewuW+k
          /iXMe1Y/y0PjFeNlSbUsUvKQ5xF7F/1AnpuPHIrn3cjGVLb71W+zen1m8SnhsW/f
          7dPgtcb4SCvfhmLgoov+P34YcNfGi6qgPUu6319IqoB3BIi7PvfEomkCgYEAwZ4+
          V0bMjFdDn2hnYzjTNcF2aUQ1jPvtuETizGwyCbbMLl9522lrjC2DrH41vvqX35ct
          CBJkhQFbtHM8Gnmozv0vxhI2jP+u14mzfePZsaXuYrEgWRj+BCsYUHodXryxnEWj
          yVrTNskab1B5jFm2SCJDmKcycBOYpRBLCMx6W7MCgYBA99z7/6KboOIzzKrJdGup
          jLV410UyMIikoccQ7pD9jhRTPS80yjsY4dHqlEVJw5XSWvPb9DTTITi6p44EvBep
          6BKMuTMnQELUEr0O7KypVCfa4FTOl8BX28f+4kU3OGykxc6R8qkC0VGwTohV1UWB
          ITsgGhZV4uOA9uDI3T8KMQKBgEnQY2HwmuDSD/TA39GDA3qV8+ez2lqSXRGIKZLX
          mMf9SaBQQ+uzKA4799wWDbVuYeIbB07xfCL83pJP8FUDlqi6+7Celu9wNp7zX1ua
          Nw8z/ErhzjxJe+Xo7A8aTwIkG+5A2m1UU/up9YsEeiJYvVaIwY58B42U2vfq20BS
          fD9jAoGAX2MscBzIsmN+U9R0ptL4SXcPiVnOl8mqvQWr1B4OLgxX7ghht5Fs956W
          bHipxOWMFCPJA/AhNB8q1DvYiD1viZbIALSCJVUkzs4AEFIjiPsCBKxerl7jF6Xp
          1WYSaCmfvoCVEpFNt8cKp4Gq+zEBYAV4Q6TkcD2lDtEW49MuN8A=
          -----END RSA PRIVATE KEY-----
          PKCS7
      end

      let(:public_key) do
        <<-PKCS7.unindent
          -----BEGIN CERTIFICATE-----
          MIIC2TCCAcGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAAMCAXDTE3MDExMzA5MTY1
          MloYDzIwNjcwMTAxMDkxNjUyWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
          CgKCAQEAwHB3GvImq59em4LV9DMfP0Zjs21eW3Jd5I9fuY0jLJhIkH6fCR7tyOpY
          V6xUj+TF8giq9WLxZI7sourMJMWjEWhVjgUr5lqp1RLv4lwfDv3Wk4XC2LUuqj1I
          AErUXKeRz8i3lUSZW1Pf4CaMpnIiPdWbz6f0KkaJSFi9bqexONBx4fKQNlgZwm2/
          aYjjrYng788I0QhWDKUqsQOi5mZKlHNRsDlk7J3Afhsx/jTLrCX/G8+2tPtLsHyR
          N39kluM5vYHbKXDsCG/a88Z2yUE2+r4Clp0FUKffiEDBPm0/H0sQ4Q1oEfQFDQRK
          aIkhpsm0nOnLYTy3/xJc5uqDNkLiawIDAQABo1wwWjAPBgNVHRMBAf8EBTADAQH/
          MB0GA1UdDgQWBBSejWrVnw7QaBjNFCHMNFi+doSOcTAoBgNVHSMEITAfgBSejWrV
          nw7QaBjNFCHMNFi+doSOcaEEpAIwAIIBATANBgkqhkiG9w0BAQUFAAOCAQEAAe85
          BQ1ydAHFqo0ib38VRPOwf5xPHGbYGhvQi4/sU6aTuR7pxaOJPYz05jLhS+utEmy1
          sknBq60G67yhQE7IHcfwrl1arirG2WmKGvAbjeYL2K1UiU0pVD3D+Klkv/pK6jIQ
          eOJRGb3qNUn0Sq9EoYIOXiGXQ641F0bZZ0+5H92kT1lmnF5oLfCb84ImD9T3snH6
          pIr5RKRx/0YmJIcv3WdpoPT903rOJiRIEgIj/hDk9QZTBpm222Ul5yQQ5pBywpSp
          xh0bmJKAQWhQm7QlybKfyaQmg5ot1jEzWAvD2I5FjHQxmAlchjb6RreaRhExj+JE
          5O117dMBdzDBjcNMOA==
          -----END CERTIFICATE-----
          PKCS7
      end

      let(:keys_dir) do
        keys = tmpdir('keys')
        dir_contained_in(keys, {
          private_key_name => private_key,
          public_key_name => public_key
        })
        keys
      end

      let(:private_key_path) { File.join(keys_dir, private_key_name) }
      let(:public_key_path) { File.join(keys_dir, public_key_name) }

      let(:env_hiera_yaml) do
        <<-YAML.unindent
          version: 5
          hierarchy:
            - name: EYaml
              path: common.eyaml
              lookup_key: eyaml_lookup_key
              options:
                pkcs7_private_key: #{private_key_path}
                pkcs7_public_key: #{public_key_path}
          YAML
      end

      let(:scope_additions) { { 'ipl_suffix' => 'aa' } }
      let(:data_files) do
        {
          'common.eyaml' => <<-YAML.unindent
            # a: Encrypted value 'a' (from environment)
            a: >
              ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
              DQYJKoZIhvcNAQEBBQAEggEAUwwNRA5ZKM87SLnjnJfzDFRQbeheSYMTOhcr
              sgTPCGtzEAzvRBrkdIRAvDZVRfadV9OB+bJsYrhWIkU1bYiOn1m78ginh96M
              44RuspnIZYnL9Dhs+JyC8VvB5nlvlEph2RGt+KYg9iU4JYhwZ2+8+yxB6/UK
              H5HGKDCjBbEc8o9MbCckLsciIh11hKKgT6K0yhKB/nBxxM78nrX0BxmAHX2u
              bejKDRa9S/0uS7Y91nvnbIkaQpZ4KteSQ+J4/lQBMlMAeE+2F9ncM8jFKnQC
              rzzdbn1O/zwsEt5J5CRP1Sc+8hM644+IqkLs+17segxArHVGOsEqyDcHbXEK
              9jspfzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCIq/L5HeJgA9XQm67j
              JHUngDDS5s52FsuSIMin7Z/pV+XuaJGFkL80ia4bXnCWilmtM8oUa/DZuBje
              dCILO7I8QqU=]
            hash_a:
              "hash_%{ipl_suffix}":
                # aaa: Encrypted value hash_a.hash_aa.aaa (from environment)
                aaa: >
                  ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEw
                  DQYJKoZIhvcNAQEBBQAEggEAhvGXL5RxVUs9wdqJvpCyXtfCHrm2HbG/u30L
                  n8EuRD9ravlsgIISAnd27JPtrxA+0rZq4EQRGz6OcovnH9vTg86/lVBhhPnz
                  b83ArptGJhRvTYUJ19GZI3AYjJbhWj/Jo5NL56oQJaPBccqHxMApm/U0wlus
                  QtASL94cLuh4toVIBQCQzD5/Bx51p2wQobm9p4WKSl1zJhDceurmoLZXqhuN
                  JwwEBwXopJvgid3ZDPbdX8nI6vHhb/8wDq9yb5DOsrkgqDqQgwPU9sUUioQj
                  Hr1pGyeOWnbEe99iEb2+m7TWsC0NN7OBo06mAgFNbBLjvn2k4PiCxrOOgJ8S
                  LI5eXjBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCWNS6j3m/Xvrp5RFaN
                  ovm/gEB4oPlYJswoXuWqcEBfwZzbpy96x3b2Le/yoa72ylbPAUc5GfLENvFQ
                  zXpTtSmQE0fixY4JMaBTke65ZRvoiOQO]
            array_a:
              # - "array_a[0]"
              - >
                ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
                DQYJKoZIhvcNAQEBBQAEggEAmXZfyfU77vVCZqHpR10qhD0Jy9DpMGBgal97
                vUO2VHX7KlCgagK0kz8/uLRIthkYzcpn8ISmw/+CIAny3jOjxOsylJiujqyu
                hx/JEFl8bOKOg40Bd0UuBaw/qZ+CoAtOorhiIW7x6t7DpknItC6gkH/cSJ4/
                p3MdhoARRuwj2fvuaChVsD39l2rXjgJj0OJOaDXdbuisG75VRZf5l8IH6+44
                Q7m6W7BU69LX+ozn+W3filQoiJ5MPf8w/KXAObMSbKYIDsrZUyIWyyNUbpW0
                MieIkHj93bX3gIEcenECLdWaEzcPa7MHgl6zevQKg4H0JVmcvKYyfHYqcrVE
                PqizKDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDf259KZEay1widVSFy
                I9zGgBAICjm0x2GeqoCnHdiAA+jt]
              # - "array_a[1]"
              - >
                ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
                DQYJKoZIhvcNAQEBBQAEggEATVy4hHG356INFKOswAhoravh66iJljp+Vn3o
                UVD1kyRiqY5tz3UVSptzUmzD+YssX/f73AKCjUI3HrPNL7kAxsk6fWS7nDEj
                AuxtCqGYeBha6oYJYziSGIHfAdY3MiJUI1C9g/OQB4TTvKdrlDArPiY8THJi
                bzLLMbVQYJ6ixSldwkdKD75vtikyamx+1LSyVBSg8maVyPvLHtLZJuT71rln
                WON3Ious9PIbd+izbcCzaoqh5UnTfDCjOuAYliXalBxamIIwNzSV1sdR8/qf
                t22zpYK4J8lgCBV2gKfrOWSi9MAs6JhCeOb8wNLMmAUTbc0WrFJxoCwAPX0z
                MAjsNjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC4v4bNE4gFlbLmVY+9
                BtSLgBBm7U0wu6d6s9wF9Ek9IHPe]
            # ref_a: "A resolved = '%{hiera('a')}'"
            ref_a: >
                ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEw
                DQYJKoZIhvcNAQEBBQAEggEAFSuUp+yk+oaA7b5ekT0u360CQ9Q2sIQ/bTcM
                jT3XLjm8HIGYPcysOEnuo8WcAxJFY5iya4yQ7Y/UhMWXaTi7Vzv/6BmyPDwz
                +7Z2Mf0r0PvS5+ylue6aem/3bXPOmXTKTf68OCehTRXlDUs8/av9gnsDzojp
                yiUTBZvKxhIP2n//GyoHgyATveHT0lxPVpdMycB347DtWS7IduCxx0+KiOOw
                DXYFlYbIVxVInwgERxtsfYSr+Fu0/mkjtRsQm+dPzMQOATE9Val2gGKsV6bi
                kdm1OM9HrwVsFj6Lma6FYmr89Bcm/1uEc8fiOMtNK3z2+nwunWBMNCGneMYD
                C5IJejBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAeiZDGQyXHkZlV5ceT
                iCxpgCDDatuVvbPEEi8rKOC7xhPHZ22zLEEV//l7C9jxq+DZcA==]
            YAML
        }
      end

      let(:env_data) { data_files }

      context 'and a module using eyaml with different options' do

        let(:private_module_key) do
          <<-PKCS7.unindent
          -----BEGIN RSA PRIVATE KEY-----
          MIIEogIBAAKCAQEAuqVpctipK4OMWM+RwKcd/mR4pg6qE3+ItPVC9TlvBrmDaN/y
          YZRjQR+XovXSGuy/CneSQ9Qss0Ff3FKAmEeH0qN0V47a81hgLpjhLCX1n+Ov7r1Q
          DC1ciTpVzHE4krN3rJ/RmDohitIqT1IYYhdcEdaMG9E26HIzn1QIwaDiYU3mfqWM
          8CZExa0CeIsEzHRLSxuMi/xX0ENImCRUzY9GH88Cu2gUhpKlbVzJmVqGPgp94pJY
          YM+SUb0XP1yRySpJMnVg98oCUrQO2OoE/Gax/djAi6hrJUzejPsEKdZ1yxM6OyJW
          NjWZYs8izAxBqm7pv1hx5+X7AIPqwZTMVrB7TQIDAQABAoIBAHIex13QOYeAlGSM
          7bpUtBMiTV6DItxvIyA5wen8ZvU+oqmSHDorp5BfB7E9Cm0qChkVSRot9fLYawtk
          anoxakuRY4ZRs3AMvipfkXYT854CckTP/cykQ6soPuOU6plQIEEtKtMf3/hoTjRX
          ps77J3FEtEAh6Kexg/zMPdpeS2xgULhk0P9ZQEg+JhLA5dq0p0nz3SBkuzcxei79
          +Za/Tg1osD0AINOajdvPnKxvlmWJN0+LpGwVjFNhkoUXPeDyvq0z2V/Uqwz4HP2I
          UGv4tz3SbzFc3Ie4lzgUZzCQgUK3u60pq1uyA6BRtxwdEmpn5v++jGXBGJZpWwcW
          UNblESUCgYEA4aTH9+LHsNjLPs2FmSc7hNjwHG1rAHcDXTX2ccySjRcQvH4Z7xBL
          di+SzZ2Tf8gSLycPRgRVCbrgCODpjoV2D5wWnyUHfWm4+GQxHURYa4UDx69tsSKE
          OTRASJo7/Mz0M1a6YzgCzVRM/TO676ucmawzKUY5OUm1oehtODAiZOcCgYEA08GM
          AMBOznys02xREJI5nLR6AveuTbIjF2efEidoxoW+1RrMOkcqaDTrJQ5PLM+oDDwD
          iPzVjnroSbwJzFB71atIg7b7TwltgkXy7wNTedO2cm5u/I0q8tY2Jaa4Mz8JUnbe
          yafvtS0/mY6A5k+8/2UIMFin2rqU9NC9EUPIo6sCgYBhOvAwELibq89osIbxB8bN
          5+0PUtbYzG/WqnoXb193DIlZr7zdFththPJtR4lXdo7fYqViNluuZahEKyZ5E2lc
          MJZO3VXs5LGf1wyS3/B55EdMtHs/6O+w9qL8pflTZb2UobqPJoOOltTWBoR24iwI
          y/r/vhLKbMini9AEdjlb4QKBgGdYsax4Lr4GCQ8ScSnmQ6ngRyAFo5MV2pyEnRTu
          GOuywKUe9AeJTgAXu5+VMT0Mh9aYv5zu0Ic+IvpBhIKr0RRCCR0Hg/VaA5Et9FeE
          RwxRMFz+2rn1Z72moDyV9pZEMJeHnknK5WmGEOEvtGczCWmX9Hwr+Jf+sc4dxfiU
          HWsLAoGAXWSX73p/6R4eRfF5zU2UFJPvDzhmwObAuvU4zKs9x7PMxZfvyt/eBCO1
          fj2+hIR72RxVuHbLApF1BT6gPVLtNdvaNuCs8YlHcnx/Oi088F0ni7fL/xYBUvaB
          7wTf188UJxP1ofVMZW00P4I9mR6BrOulv455gCwsmg2X7WtJU48=
          -----END RSA PRIVATE KEY-----
          PKCS7
        end

        let(:public_module_key) do
          <<-PKCS7.unindent
          -----BEGIN CERTIFICATE-----
          MIIC2TCCAcGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAAMCAXDTE3MDUzMTE2Mjc0
          M1oYDzIwNjcwNTE5MTYyNzQzWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
          CgKCAQEAuqVpctipK4OMWM+RwKcd/mR4pg6qE3+ItPVC9TlvBrmDaN/yYZRjQR+X
          ovXSGuy/CneSQ9Qss0Ff3FKAmEeH0qN0V47a81hgLpjhLCX1n+Ov7r1QDC1ciTpV
          zHE4krN3rJ/RmDohitIqT1IYYhdcEdaMG9E26HIzn1QIwaDiYU3mfqWM8CZExa0C
          eIsEzHRLSxuMi/xX0ENImCRUzY9GH88Cu2gUhpKlbVzJmVqGPgp94pJYYM+SUb0X
          P1yRySpJMnVg98oCUrQO2OoE/Gax/djAi6hrJUzejPsEKdZ1yxM6OyJWNjWZYs8i
          zAxBqm7pv1hx5+X7AIPqwZTMVrB7TQIDAQABo1wwWjAPBgNVHRMBAf8EBTADAQH/
          MB0GA1UdDgQWBBQkhoMgOyPzEe7tOOimNH2//PYF2TAoBgNVHSMEITAfgBQkhoMg
          OyPzEe7tOOimNH2//PYF2aEEpAIwAIIBATANBgkqhkiG9w0BAQUFAAOCAQEAhRWc
          Nz3PcUJllao5G/v4AyvjLgwB2JgjJgh6D3ILoOe9TrDSXD7ZV3F30vFae+Eztk86
          pmM8x57E0HsuuY+Owf6/hvELtwbzf9N/lc9ySZSogGFoQeJ8rnCJAQ0FaPjqb7AN
          xTaY9HTzr4dZG1f+sw32RUu2fDe7Deqgf85uMSZ1mtRTt9zvo8lMQxVA2nVOfwz2
          Nxf+qSNYSCtf0/6iwfzHy0qPjaJnywgBCi3Lg2IMSqGUatxzH+9HWrBgD+ZYxmDz
          2gW+EIU1Y/We/tbjIWaR1PD+IzeRJi5fHq60RKHPSdp7TGtV48bQRvyZXC7sVCRa
          yxfX1IGYhCDzbFRQNg==
          -----END CERTIFICATE-----
          PKCS7
        end

        let(:module_keys_dir) do
          keys = tmpdir('keys')
          dir_contained_in(keys, {
            private_key_name => private_module_key,
            public_key_name => public_module_key
          })
          keys
        end

        let(:private_module_key_path) { File.join(module_keys_dir, private_key_name) }
        let(:public_module_key_path) { File.join(module_keys_dir, public_key_name) }

        let(:mod_a_files) do
          {
            'mod_a' => {
              'hiera.yaml' => <<-YAML.unindent,
                version: 5
                hierarchy:
                  - name: EYaml
                    path: common.eyaml
                    lookup_key: eyaml_lookup_key
                    options:
                      pkcs7_private_key: #{private_module_key_path}
                      pkcs7_public_key: #{public_module_key_path}
                YAML
              'data' => {
                'common.eyaml' => <<-YAML.unindent
                ---
                # "%{lookup('a')} (from module)"
                mod_a::a: >
                  ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEw
                  DQYJKoZIhvcNAQEBBQAEggEAC+lvda8mX6XkgCBstNw4IQUDyFcS6M0mS9gZ
                  ev4VBDeUK4AUNVnzzdbW0Mnj9LbqlpzFx96VGqSxsRBpe7BVD0kVo5jQsEMn
                  nbrWOD1lvXYrXZMXBeD9xJbMbH5EiiFhbaXcEKRAVGaLVQKjXDENDQ/On+it
                  1+wmmVwJynDJR0lsCz6dcSKvw6wnxBcv32qFyePvJuIf04CHMhaS4ykedYHK
                  vagUn5uVXOv/8G0JPlZnQLyxjE0v0heb0Zj0mvcP2+Y5BSW50AQVrMWJNtdW
                  aFEg6H5hpjduQfQh3iWVuDLnWhbP0sY2Grn5dTOxQP8aTDSsiTUcSeIAmjr/
                  K8YRCjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAjL7InlBjRuohLLcBx
                  686ogCDkhCan8bCE7aX2nr75QtLF3q89pFIR4/NGl5+oGEO+qQ==]
                YAML
              }
            }
          }
        end

        let(:populated_env_dir) do
          dir_contained_in(env_dir, DeepMerge.deep_merge!(environment_files, env_name => { 'modules' => mod_a_files }))
          env_dir
        end

        it 'repeatedly finds data in environment and module' do
          expect(lookup(['array_a', 'mod_a::a', 'hash_a'])).to eql([
            ['array_a[0]', 'array_a[1]'],
            "Encrypted value 'a' (from environment) (from module)",
            {'hash_aa'=>{'aaa'=>'Encrypted value hash_a.hash_aa.aaa (from environment)'}}])
        end
      end

      it 'finds data in the environment' do
        expect(lookup('a')).to eql("Encrypted value 'a' (from environment)")
      end

      it 'evaluates interpolated keys' do
        expect(lookup('hash_a')).to include('hash_aa')
      end

      it 'evaluates interpolations in encrypted values' do
        expect(lookup('ref_a')).to eql("A resolved = 'Encrypted value 'a' (from environment)'")
      end

      it 'can read encrypted values inside a hash' do
        expect(lookup('hash_a.hash_aa.aaa')).to eql('Encrypted value hash_a.hash_aa.aaa (from environment)')
      end

      it 'can read encrypted values inside an array' do
        expect(lookup('array_a')).to eql(['array_a[0]', 'array_a[1]'])
      end

      context 'declared in global scope as a Hiera v3 backend' do
        let(:environment_files) { {} }
        let(:data_file_content) { <<-YAML.unindent }
          a: >
            ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
            DQYJKoZIhvcNAQEBBQAEggEAH457bsfL8kYw9O50roE3dcE21nCnmPnQ2XSX
            LYRJ2C78LarbfFonKz0gvDW7tyhsLWASFCFaiU8T1QPBd2b3hoQK8E4B2Ual
            xga/K7r9y3OSgRomTm9tpTltC6re0Ubh3Dy71H61obwxEdNVTqjPe95+m2b8
            6zWZVnzZzXXsTG1S17yJn1zaB/LXHbWNy4KyLLKCGAml+Gfl6ZMjmaplTmUA
            QIC5rI8abzbPP3TDMmbLOGNkrmLqI+3uS8tSueTMoJmWaMF6c+H/cA7oRxmV
            QCeEUVXjyFvCHcmbA+keS/RK9XF+vc07/XS4XkYSPs/I5hLQji1y9bkkGAs0
            tehxQjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDHpA6Fcl/R16aIYcow
            oiO4gDAvfFH6jLUwXkcYtagnwdmhkd9TQJtxNWcIwMpvmk036MqIoGwwhQdg
            gV4beiCFtLU=]
          YAML

        let(:hiera_yaml) do
          <<-YAML.unindent
          :backends: eyaml
          :eyaml:
            :datadir: #{code_dir}/hieradata
            :pkcs7_private_key: #{private_key_path}
            :pkcs7_public_key: #{public_key_path}
          :hierarchy:
            - common
          YAML
        end

        let(:data_files) do
          {
            'common.eyaml' => data_file_content
          }
        end

        let(:code_dir_files) do
          {
            'hiera.yaml' => hiera_yaml,
            'hieradata' => data_files
          }
        end

        before(:each) do
          Puppet.settings[:hiera_config] = File.join(code_dir, 'hiera.yaml')
        end

        it 'finds data in the global layer' do
          expect(lookup('a')).to eql("Encrypted value 'a' (from global)")
        end

        it 'delegates configured eyaml backend to eyaml_lookup_key function' do
          expect(explain('a')).to match(/Hierarchy entry "eyaml"\n.*\n.*\n.*"common"\n\s*Found key: "a"/m)
        end

        context 'using intepolated paths to the key pair' do
          let(:scope_additions) { { 'priv_path' => private_key_path, 'pub_path' => public_key_path } }

          let(:hiera_yaml) do
            <<-YAML.unindent
          :backends: eyaml
          :eyaml:
            :datadir: #{code_dir}/hieradata
            :pkcs7_private_key: "%{priv_path}"
            :pkcs7_public_key: "%{pub_path}"
          :hierarchy:
            - common
            YAML
          end

          it 'finds data in the global layer' do
            expect(lookup('a')).to eql("Encrypted value 'a' (from global)")
          end
        end

        context 'with special extension declared in options' do
          let(:environment_files) { {} }
          let(:hiera_yaml) do
            <<-YAML.unindent
            :backends: eyaml
            :eyaml:
              :extension: xyaml
              :datadir: #{code_dir}/hieradata
              :pkcs7_private_key: #{private_key_path}
              :pkcs7_public_key: #{public_key_path}
            :hierarchy:
              - common
            YAML
          end

          let(:data_files) do
            {
              'common.xyaml' => data_file_content
            }
          end

          it 'finds data in the global layer' do
            expect(lookup('a')).to eql("Encrypted value 'a' (from global)")
          end

          it 'delegates configured eyaml backend to eyaml_lookup_key function' do
            expect(explain('a')).to match(/Hierarchy entry "eyaml"\n.*\n.*\n.*"common"\n\s*Found key: "a"/m)
          end
        end
      end
    end
  end
end