#!/usr/bin/env ruby
require 'spec_helper'
require 'fileutils'
require 'puppet/type'

describe Puppet::Type.type(:k5login), :unless => Puppet.features.microsoft_windows? do
  include PuppetSpec::Files

  context "the type class" do
    subject { described_class }
    it { is_expected.to be_validattr :ensure }
    it { is_expected.to be_validattr :path }
    it { is_expected.to be_validattr :principals }
    it { is_expected.to be_validattr :mode }
    it { is_expected.to be_validattr :selrange }
    it { is_expected.to be_validattr :selrole }
    it { is_expected.to be_validattr :seltype }
    it { is_expected.to be_validattr :seluser }
    # We have one, inline provider implemented.
    it { is_expected.to be_validattr :provider }
  end

  let(:path) { tmpfile('k5login') }

  def resource(attrs = {})
    attrs = {
      :ensure     => 'present',
      :path       => path,
      :principals => 'fred@EXAMPLE.COM',
      :seluser    => 'user_u',
      :selrole    => 'role_r',
      :seltype    => 'type_t',
      :selrange   => 's0',
    }.merge(attrs)

    if content = attrs.delete(:content)
      File.open(path, 'w') { |f| f.print(content) }
    end

    resource = described_class.new(attrs)
    resource
  end

  before :each do
    FileUtils.touch(path)
  end

  context "the provider" do
    context "when the file is missing" do
      it "should initially be absent" do
        File.delete(path)
        expect(resource.retrieve[:ensure]).to eq(:absent)
      end

      it "should create the file when synced" do
        resource(:ensure => 'present').parameter(:ensure).sync
        expect(Puppet::FileSystem.exist?(path)).to be_truthy
      end
    end

    context "when the file is present" do
      context "retrieved initial state" do
        subject { resource.retrieve }

        it "should retrieve its properties correctly with zero principals" do
          expect(subject[:ensure]).to eq(:present)
          expect(subject[:principals]).to eq([])
          # We don't really care what the mode is, just that it got it
          expect(subject[:mode]).not_to be_nil
        end

        context "with one principal" do
          subject { resource(:content => "daniel@EXAMPLE.COM\n").retrieve }

          it "should retrieve its principals correctly" do
            expect(subject[:principals]).to eq(["daniel@EXAMPLE.COM"])
          end
        end

        [:seluser, :selrole, :seltype, :selrange].each do |param|
          property = described_class.attrclass(param)
          context param.to_s do
            let(:sel_param) { property.new :resource => resource }

            context "with selinux" do
              it "should return correct values based on SELinux state" do
                sel_param.stubs(:debug)
                expectedresult = case param
                  when :seluser; "user_u"
                  when :selrole; "object_r"
                  when :seltype; "krb5_home_t"
                  when :selrange; "s0"
                end
                expect(sel_param.default).to eq(expectedresult)
              end
            end

            context 'without selinux' do
              it 'should not try to determine the initial state' do
                Puppet::Type::K5login::ProviderK5login.any_instance.stubs(:selinux_support?).returns false

                expect(subject[:selrole]).to be_nil
              end

              it "should do nothing for safe_insync? if no SELinux support" do
                sel_param.should = 'newcontext'
                sel_param.expects(:selinux_support?).returns false
                expect(sel_param.safe_insync?('oldcontext')).to eq(true)
              end
            end
          end
        end

        context "with two principals" do
          subject do
            content = ["daniel@EXAMPLE.COM", "george@EXAMPLE.COM"].join("\n")
            resource(:content => content).retrieve
          end

          it "should retrieve its principals correctly" do
            expect(subject[:principals]).to eq(["daniel@EXAMPLE.COM", "george@EXAMPLE.COM"])
          end
        end
      end

      it "should remove the file ensure is absent" do
        resource(:ensure => 'absent').property(:ensure).sync
        expect(Puppet::FileSystem.exist?(path)).to be_falsey
      end

      it "should write one principal to the file" do
        expect(File.read(path)).to eq("")
        resource(:principals => ["daniel@EXAMPLE.COM"]).property(:principals).sync
        expect(File.read(path)).to eq("daniel@EXAMPLE.COM\n")
      end

      it "should write multiple principals to the file" do
        content = ["daniel@EXAMPLE.COM", "george@EXAMPLE.COM"]

        expect(File.read(path)).to eq("")
        resource(:principals => content).property(:principals).sync
        expect(File.read(path)).to eq(content.join("\n") + "\n")
      end

      describe "when setting the mode" do
        # The defined input type is "mode, as an octal string"
        ["400", "600", "700", "644", "664"].each do |mode|
          it "should update the mode to #{mode}" do
            resource(:mode => mode).property(:mode).sync

            expect((Puppet::FileSystem.stat(path).mode & 07777).to_s(8)).to eq(mode)
          end
        end
      end

      context "#stat" do
        let(:file) { described_class.new(:path => path) }

        it "should return nil if the file does not exist" do
          file[:path] = make_absolute('/foo/bar/baz/non-existent')

          expect(file.stat).to be_nil
        end

        it "should return nil if the file cannot be stat'ed" do
          dir = tmpfile('link_test_dir')
          child = File.join(dir, 'some_file')

          # Note: we aren't creating the file for this test. If the user is
          # running these tests as root, they will be able to access the
          # directory. In that case, this test will still succeed, not because
          # we cannot stat the file, but because the file does not exist.
          Dir.mkdir(dir)
          begin
            File.chmod(0, dir)

            file[:path] = child

            expect(file.stat).to be_nil
          ensure
            # chmod it back so we can clean it up
            File.chmod(0777, dir)
          end
        end

        it "should return nil if parts of path are not directories" do
          regular_file = tmpfile('ENOTDIR_test')
          FileUtils.touch(regular_file)
          impossible_child = File.join(regular_file, 'some_file')

          file[:path] = impossible_child
          expect(file.stat).to be_nil
        end

        it "should return the stat instance" do
          expect(file.stat).to be_a(File::Stat)
        end

        it "should cache the stat instance" do
          expect(file.stat.object_id).to eql(file.stat.object_id)
        end
      end
    end
  end
end