#!/usr/bin/env python

import arvados
import arvados_pam
import mock
import StringIO
import unittest

class ConfigTest(unittest.TestCase):
    def test_ok_config(self):
        self.assertConfig(
            "#comment\nARVADOS_API_HOST=xyzzy.example\nHOSTNAME=foo.shell\n#HOSTNAME=bogus\n",
            'xyzzy.example',
            'foo.shell')

    def test_config_missing_apihost(self):
        with self.assertRaises(KeyError):
            self.assertConfig('HOSTNAME=foo', '', 'foo')

    def test_config_missing_shellhost(self):
        with self.assertRaises(KeyError):
            self.assertConfig('ARVADOS_API_HOST=foo', 'foo', '')

    def test_config_empty_shellhost(self):
        self.assertConfig("ARVADOS_API_HOST=foo\nHOSTNAME=\n", 'foo', '')

    def test_config_strip_whitespace(self):
        self.assertConfig(" ARVADOS_API_HOST = foo \n\tHOSTNAME\t=\tbar\t\n", 'foo', 'bar')

    @mock.patch('arvados_pam.config_file')
    def assertConfig(self, txt, apihost, shellhost, config_file):
        configfake = StringIO.StringIO(txt)
        config_file.side_effect = [configfake]
        c = arvados_pam.config()
        self.assertEqual(apihost, c['ARVADOS_API_HOST'])
        self.assertEqual(shellhost, c['HOSTNAME'])

class AuthTest(unittest.TestCase):

    default_request = {
        'api_host': 'zzzzz.api_host.example',
        'shell_host': 'testvm2.shell',
        'token': '3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi',
        'username': 'active',
    }

    default_response = {
        'links': lambda: {
            'items': [{
                'uuid': 'zzzzz-o0j2j-rah2ya1ohx9xaev',
                'tail_uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
                'head_uuid': 'zzzzz-2x53u-382brsig8rp3065',
                'link_class': 'permission',
                'name': 'can_login',
                'properties': {
                    'username': 'active',
                },
            }],
        },
        'users': lambda: {
            'uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
            'full_name': 'Active User',
        },
        'virtual_machines': lambda: {
            'items': [{
                'uuid': 'zzzzz-2x53u-382brsig8rp3065',
                'hostname': 'testvm2.shell',
            }],
            'items_available': 1,
        },
    }

    def attempt(self):
        return arvados_pam.AuthEvent('::1', **self.request).can_login()

    def test_success(self):
        self.assertTrue(self.attempt())
        self.api_client.virtual_machines().list.assert_called_with(
            filters=[['hostname','=',self.request['shell_host']]])
        self.api.assert_called_with(
            'v1', host=self.request['api_host'], token=self.request['token'], cache=None)

    def test_fail_vm_lookup(self):
        self.response['virtual_machines'] = self._raise
        self.assertFalse(self.attempt())

    def test_vm_hostname_not_found(self):
        self.response['virtual_machines'] = lambda: {
            'items': [],
            'items_available': 0,
        }
        self.assertFalse(self.attempt())

    def test_vm_hostname_ambiguous(self):
        self.response['virtual_machines'] = lambda: {
            'items': [
                {
                    'uuid': 'zzzzz-2x53u-382brsig8rp3065',
                    'hostname': 'testvm2.shell',
                },
                {
                    'uuid': 'zzzzz-2x53u-382brsig8rp3065',
                    'hostname': 'testvm2.shell',
                },
            ],
            'items_available': 2,
        }
        self.assertFalse(self.attempt())

    def test_server_ignores_vm_filters(self):
        self.response['virtual_machines'] = lambda: {
            'items': [
                {
                    'uuid': 'zzzzz-2x53u-382brsig8rp3065',
                    'hostname': 'testvm22.shell', # <-----
                },
            ],
            'items_available': 1,
        }
        self.assertFalse(self.attempt())

    def test_fail_user_lookup(self):
        self.response['users'] = self._raise
        self.assertFalse(self.attempt())

    def test_fail_permission_check(self):
        self.response['links'] = self._raise
        self.assertFalse(self.attempt())

    def test_no_login_permission(self):
        self.response['links'] = lambda: {
            'items': [],
        }
        self.assertFalse(self.attempt())

    def test_server_ignores_permission_filters(self):
        self.response['links'] = lambda: {
            'items': [{
                'uuid': 'zzzzz-o0j2j-rah2ya1ohx9xaev',
                'tail_uuid': 'zzzzz-tpzed-xurymjxw79nv3jz',
                'head_uuid': 'zzzzz-2x53u-382brsig8rp3065',
                'link_class': 'permission',
                'name': 'CANT_login', # <-----
                'properties': {
                    'username': 'active',
                },
            }],
        }
        self.assertFalse(self.attempt())

    def setUp(self):
        self.request = self.default_request.copy()
        self.response = self.default_response.copy()
        self.api_client = mock.MagicMock(name='api_client')
        self.api_client.users().current().execute.side_effect = lambda: self.response['users']()
        self.api_client.virtual_machines().list().execute.side_effect = lambda: self.response['virtual_machines']()
        self.api_client.links().list().execute.side_effect = lambda: self.response['links']()
        patcher = mock.patch('arvados.api')
        self.api = patcher.start()
        self.addCleanup(patcher.stop)
        self.api.side_effect = [self.api_client]

    def _raise(self, exception=Exception("Test-induced failure"), *args, **kwargs):
        raise exception