#[cfg(test)]
mod tests {
    use crate::support::*;
    use authzd::Authorizer;
    use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;

    fn subject() -> authzd::authorization::spice::Authorizer {
        common::setup();
        authzd::authorization::spice::Authorizer::default()
    }

    #[test]
    #[ignore]
    fn test_unauthenticated_sparkle_endpoints() {
        let hosts = vec![
            "localhost:10000",
            "sparkle.runway.gitlab.net",
            "sparkle.staging.runway.gitlab.net",
        ];

        let routes = vec![
            ("GET", "/", true),
            ("GET", "/callback", true),
            ("GET", "/dashboard/nav", true),
            ("GET", "/signout", false),
            ("GET", "/sparkles", true),
            ("POST", "/sparkles/restore", true),
            ("GET", "/dashboard", false),
            ("POST", "/sparkles", false),
        ];

        let authorizer = subject();
        for host in hosts {
            for (method, path, expected) in &routes {
                let request = build_request(|item: &mut HttpRequest| {
                    item.method = method.to_string();
                    item.path = path.to_string();
                    item.host = host.to_string();
                    item.headers = build_headers(vec![
                        (String::from(":path"), path.to_string()),
                        (String::from(":method"), method.to_string()),
                        (String::from(":authority"), host.to_string()),
                    ]);
                });

                assert_eq!(
                    authorizer.authorize(request),
                    *expected,
                    "{} {}",
                    method,
                    path
                );
            }
        }
    }

    #[test]
    #[ignore]
    fn test_authenticated_sparkle_endpoints() {
        let hosts = vec![
            "localhost:10000",
            "sparkle.runway.gitlab.net",
            "sparkle.staging.runway.gitlab.net",
        ];

        let routes = vec![
            ("GET", "/", true),
            ("GET", "/callback", true),
            ("GET", "/dashboard/nav", true),
            ("GET", "/signout", true),
            ("GET", "/sparkles", true),
            ("GET", "/dashboard", true),
            ("POST", "/sparkles", true),
        ];

        let authorizer = subject();
        for host in hosts {
            for (method, path, expected) in &routes {
                let request = build_request(|item: &mut HttpRequest| {
                    item.method = method.to_string();
                    item.path = path.to_string();
                    item.host = host.to_string();
                    item.headers = build_headers(vec![
                        (String::from(":path"), path.to_string()),
                        (String::from(":method"), method.to_string()),
                        (String::from(":authority"), host.to_string()),
                        (String::from("x-jwt-claim-sub"), "1675940".to_string()),
                    ]);
                });

                assert_eq!(
                    authorizer.authorize(request),
                    *expected,
                    "{} {}",
                    method,
                    path
                );
            }
        }
    }
}