using System.Collections.Immutable;
using StellaOps.Policy;
using Xunit;

namespace StellaOps.Policy.Tests;

public class SplMigrationToolTests
{
    [Fact]
    public void ToSplPolicyJson_ConvertsRulesAndMetadata()
    {
        var rule = PolicyRule.Create(
            name: "Block CVE",
            action: new PolicyAction(PolicyActionType.Block, null, null, null, false),
            severities: ImmutableArray.Create(PolicySeverity.Critical),
            environments: ImmutableArray<string>.Empty,
            sources: ImmutableArray<string>.Empty,
            vendors: ImmutableArray<string>.Empty,
            licenses: ImmutableArray<string>.Empty,
            tags: ImmutableArray<string>.Empty,
            match: PolicyRuleMatchCriteria.Create(
                ImmutableArray<string>.Empty,
                ImmutableArray<string>.Empty,
                ImmutableArray<string>.Empty,
                ImmutableArray<string>.Empty,
                ImmutableArray<string>.Empty,
                ImmutableArray.Create("/app"),
                ImmutableArray<string>.Empty,
                ImmutableArray<string>.Empty),
            expires: null,
            justification: "block it",
            identifier: "RULE-1");

        var document = new PolicyDocument(
            PolicySchema.CurrentVersion,
            ImmutableArray.Create(rule),
            ImmutableDictionary<string, string>.Empty.Add("name", "demo"),
            PolicyExceptionConfiguration.Empty);

        var spl = SplMigrationTool.ToSplPolicyJson(document);

        const string expected = "{\"apiVersion\":\"spl.stellaops/v1\",\"kind\":\"Policy\",\"metadata\":{\"labels\":{\"name\":\"demo\"},\"name\":\"demo\"},\"spec\":{\"defaultEffect\":\"deny\",\"statements\":[{\"effect\":\"deny\",\"id\":\"RULE-1\",\"match\":{\"actions\":[\"access\"],\"resource\":\"/app\"}}]}}";

        Assert.Equal(expected, spl);
    }

    [Fact]
    public void ToSplPolicyJson_UsesOverlaySafeIdsAndAudits()
    {
        var rule = PolicyRule.Create(
            name: "Warn entrypoint",
            action: new PolicyAction(PolicyActionType.Warn, null, null, null, true),
            severities: ImmutableArray.Create(PolicySeverity.Low),
            environments: ImmutableArray<string>.Empty,
            sources: ImmutableArray<string>.Empty,
            vendors: ImmutableArray<string>.Empty,
            licenses: ImmutableArray<string>.Empty,
            tags: ImmutableArray<string>.Empty,
            match: PolicyRuleMatchCriteria.Empty,
            expires: null,
            justification: "soft warning");

        var document = new PolicyDocument(
            PolicySchema.CurrentVersion,
            ImmutableArray.Create(rule),
            ImmutableDictionary<string, string>.Empty,
            PolicyExceptionConfiguration.Empty);

        var spl = SplMigrationTool.ToSplPolicyJson(document);

        const string expectedId = "warn-entrypoint";
        Assert.Contains(expectedId, spl);
        Assert.Contains("\"audit\":{\"message\":\"soft warning\",\"severity\":\"warn\"}", spl);
    }
}