#!/usr/bin/env rspec

require 'spec_helper'

module MCollective
  module Security
    describe Base do
      before do
        @config = mock("config")
        @config.stubs(:identity).returns("test")
        @config.stubs(:configured).returns(true)
        @config.stubs(:topicsep).returns(".")
        @config.stubs(:topicprefix).returns("/topic/")

        @stats = mock("stats")

        @time = Time.now
        ::Time.stubs(:now).returns(@time)

        MCollective::Log.stubs(:debug).returns(true)

        MCollective::PluginManager << {:type => "global_stats", :class => @stats}
        MCollective::Config.stubs("instance").returns(@config)
        MCollective::Util.stubs("empty_filter?").returns(false)

        @plugin = Base.new
      end

      describe "#should_process_msg?" do
        it "should correctly validate messages" do
          m = mock
          m.stubs(:expected_msgid).returns("rspec")

          @plugin.should_process_msg?(m, "rspec").should == true

          expect {
            @plugin.should_process_msg?(m, "fail").should == true
          }.to raise_error(MsgDoesNotMatchRequestID)
        end

        it "should not test messages without expected_msgid" do
          m = mock
          m.stubs(:expected_msgid).returns(nil)

          @plugin.should_process_msg?(m, "rspec").should == true
        end
      end

      describe "#validate_filter?" do
        it "should pass on empty filter" do
          MCollective::Util.stubs("empty_filter?").returns(true)

          @stats.stubs(:passed).once
          @stats.stubs(:filtered).never
          @stats.stubs(:passed).never

          MCollective::Log.expects(:debug).with("Message passed the filter checks").once

          @plugin.validate_filter?({}).should == true
        end

        it "should pass for known classes" do
          MCollective::Util.stubs("has_cf_class?").with("foo").returns(true)

          @stats.stubs(:passed).once
          @stats.stubs(:filtered).never

          MCollective::Log.expects(:debug).with("Message passed the filter checks").once
          MCollective::Log.expects(:debug).with("Passing based on configuration management class foo").once

          @plugin.validate_filter?({"cf_class" => ["foo"]}).should == true
        end

        it "should fail for unknown classes" do
          MCollective::Util.stubs("has_cf_class?").with("foo").returns(false)

          @stats.stubs(:filtered).once
          @stats.stubs(:passed).never

          MCollective::Log.expects(:debug).with("Message failed the filter checks").once
          MCollective::Log.expects(:debug).with("Failing based on configuration management class foo").once

          @plugin.validate_filter?({"cf_class" => ["foo"]}).should == false
        end

        it "should pass for known agents" do
          MCollective::Util.stubs("has_agent?").with("foo").returns(true)

          @stats.stubs(:passed).once
          @stats.stubs(:filtered).never

          MCollective::Log.expects(:debug).with("Message passed the filter checks").once
          MCollective::Log.expects(:debug).with("Passing based on agent foo").once

          @plugin.validate_filter?({"agent" => ["foo"]}).should == true
        end

        it "should fail for unknown agents" do
          MCollective::Util.stubs("has_agent?").with("foo").returns(false)

          @stats.stubs(:filtered).once
          @stats.stubs(:passed).never

          MCollective::Log.expects(:debug).with("Message failed the filter checks").once
          MCollective::Log.expects(:debug).with("Failing based on agent foo").once

          @plugin.validate_filter?({"agent" => ["foo"]}).should == false
        end

        it "should pass for known facts" do
          MCollective::Util.stubs("has_fact?").with("fact", "value", "operator").returns(true)

          @stats.stubs(:passed).once
          @stats.stubs(:filtered).never

          MCollective::Log.expects(:debug).with("Message passed the filter checks").once
          MCollective::Log.expects(:debug).with("Passing based on fact fact operator value").once

          @plugin.validate_filter?({"fact" => [{:fact => "fact", :operator => "operator", :value => "value"}]}).should == true
        end

        it "should fail for unknown facts" do
          MCollective::Util.stubs("has_fact?").with("fact", "value", "operator").returns(false)

          @stats.stubs(:filtered).once
          @stats.stubs(:passed).never

          MCollective::Log.expects(:debug).with("Message failed the filter checks").once
          MCollective::Log.expects(:debug).with("Failing based on fact fact operator value").once

          @plugin.validate_filter?({"fact" => [{:fact => "fact", :operator => "operator", :value => "value"}]}).should == false
        end

        it "should pass for known identity" do
          MCollective::Util.stubs("has_identity?").with("test").returns(true)

          @stats.stubs(:passed).once
          @stats.stubs(:filtered).never

          MCollective::Log.expects(:debug).with("Message passed the filter checks").once
          MCollective::Log.expects(:debug).with("Passing based on identity").once

          @plugin.validate_filter?({"identity" => ["test"]}).should == true
        end

        it "should fail for known identity" do
          MCollective::Util.stubs("has_identity?").with("test").returns(false)

          @stats.stubs(:passed).never
          @stats.stubs(:filtered).once

          MCollective::Log.expects(:debug).with("Message failed the filter checks").once
          MCollective::Log.expects(:debug).with("Failed based on identity").once

          @plugin.validate_filter?({"identity" => ["test"]}).should == false
        end

        it "should treat multiple identity filters correctly" do
          MCollective::Util.stubs("has_identity?").with("foo").returns(false)
          MCollective::Util.stubs("has_identity?").with("bar").returns(true)

          @stats.stubs(:passed).once
          @stats.stubs(:filtered).never

          MCollective::Log.expects(:debug).with("Message passed the filter checks").once
          MCollective::Log.expects(:debug).with("Passing based on identity").once

          @plugin.validate_filter?({"identity" => ["foo", "bar"]}).should == true
        end

        it "should fail if no identity matches are found" do
          MCollective::Util.stubs("has_identity?").with("foo").returns(false)
          MCollective::Util.stubs("has_identity?").with("bar").returns(false)

          @stats.stubs(:passed).never
          @stats.stubs(:filtered).once

          MCollective::Log.expects(:debug).with("Message failed the filter checks").once
          MCollective::Log.expects(:debug).with("Failed based on identity").once

          @plugin.validate_filter?({"identity" => ["foo", "bar"]}).should == false
        end
      end

      describe "#create_reply" do
        it "should return correct data" do
          expected = {:senderid => "test",
            :requestid => "reqid",
            :senderagent => "agent",
            :msgtime => @time.to_i,
            :body => "body"}

          @plugin.create_reply("reqid", "agent", "body").should == expected
        end
      end

      describe "#create_request" do
        it "should return correct data" do
          expected = {:body => "body",
            :senderid => "test",
            :requestid => "reqid",
            :callerid => "uid=#{Process.uid}",
            :agent => "discovery",
            :collective => "mcollective",
            :filter => "filter",
            :ttl => 20,
            :msgtime => @time.to_i}

          @plugin.create_request("reqid", "filter", "body", :server, "discovery", "mcollective", 20).should == expected
        end

        it "should set the callerid when appropriate" do
          expected = {:body => "body",
            :senderid => "test",
            :requestid => "reqid",
            :agent => "discovery",
            :collective => "mcollective",
            :filter => "filter",
            :callerid => "callerid",
            :ttl => 60,
            :msgtime => @time.to_i}

          @plugin.stubs(:callerid).returns("callerid")
          @plugin.create_request("reqid", "filter", "body", :client, "discovery", "mcollective").should == expected
        end
      end

      describe "#valid_callerid?" do
        it "should not pass invalid callerids" do
          @plugin.valid_callerid?("foo-bar").should == false
          @plugin.valid_callerid?("foo=bar=baz").should == false
          @plugin.valid_callerid?('foo=bar\baz').should == false
          @plugin.valid_callerid?("foo=bar/baz").should == false
          @plugin.valid_callerid?("foo=bar|baz").should == false
        end

        it "should pass valid callerids" do
          @plugin.valid_callerid?("cert=foo-bar").should == true
          @plugin.valid_callerid?("uid=foo.bar").should == true
          @plugin.valid_callerid?("uid=foo.bar.123").should == true
        end
      end

      describe "#callerid" do
        it "should return a unix UID based callerid" do
          @plugin.callerid.should == "uid=#{Process.uid}"
        end
      end

      describe "#validrequest?" do
        it "should log an error when not implemented" do
          MCollective::Log.expects(:error).with("validrequest? is not implemented in MCollective::Security::Base")
          @plugin.validrequest?(nil)
        end
      end

      describe "#encoderequest" do
        it "should log an error when not implemented" do
          MCollective::Log.expects(:error).with("encoderequest is not implemented in MCollective::Security::Base")
          @plugin.encoderequest(nil, nil, nil)
        end
      end

      describe "#encodereply" do
        it "should log an error when not implemented" do
          MCollective::Log.expects(:error).with("encodereply is not implemented in MCollective::Security::Base")
          @plugin.encodereply(nil, nil, nil)
        end
      end

      describe "#decodemsg" do
        it "should log an error when not implemented" do
          MCollective::Log.expects(:error).with("decodemsg is not implemented in MCollective::Security::Base")
          @plugin.decodemsg(nil)
        end
      end
    end
  end
end