# frozen_string_literal: true

# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

require 'base64'
require_relative './integration_helper'

describe 'API keys' do
  before do
    CLIENT.security.put_user(
      username: client_username,
      body: { password: 'test-password', roles: ['superuser'] }
    )
  end

  after do
    CLIENT.security.delete_user(username: client_username)
  end

  let(:client_username) { "query_api_keys_#{Time.new.to_i}" }
  let(:credentials) { Base64.strict_encode64("#{client_username}:test-password") }

  let(:client) do
    Elasticsearch::Client.new(
      host: HOST,
      transport_options: TRANSPORT_OPTIONS.merge(headers: { Authorization: "Basic #{credentials}" })
    )
  end

  it 'queries API keys' do
    key_name1 = "query-key-1-#{Time.new.to_i}"
    response = client.security.create_api_key(
      body: {
        name: key_name1,
        role_descriptors: {},
        expiration: '1d',
        metadata: { search: 'this' }
      }
    )
    expect(response['name']).to eq key_name1
    expect(response['api_key']).not_to be nil
    api_key_id1 = response['id']

    key_name2 = "query-key-2-#{Time.new.to_i}"
    response = client.security.create_api_key(
      body: {
        name: key_name2,
        expiration: '2d',
        role_descriptors: { 'role-a' => { "cluster": ['monitor'] } },
        metadata: { search: false }
      }
    )
    expect(response['name']).to eq key_name2
    expect(response['api_key']).not_to be nil
    api_key_id2 = response['id']

    key_name3 = "query-key-3#{Time.new.to_i}"
    response = client.security.create_api_key(
      body: {
        name: key_name3,
        expiration: '3d'
      }
    )
    expect(response['name']).to eq key_name3
    expect(response['api_key']).not_to be nil
    api_key_id3 = response['id']

    response = client.security.authenticate
    response['username']

    response = client.security.query_api_keys(
      body: {
        query: { wildcard: { name: key_name1 } }
      }
    )
    expect(response['total']).to eq 1
    expect(response['count']).to eq 1
    expect(response['api_keys'].first['id']).to eq api_key_id1

    response = client.security.query_api_keys(
      body: {
        query: { wildcard: { name: key_name2 } }
      }
    )
    expect(response['total']).to eq 1
    expect(response['count']).to eq 1
    expect(response['api_keys'].first['id']).to eq api_key_id2

    response = client.security.query_api_keys(
      body: {
        query: { wildcard: { name: key_name3 } }
      }
    )
    expect(response['total']).to eq 1
    expect(response['count']).to eq 1
    expect(response['api_keys'].first['id']).to eq api_key_id3
  end
end