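package authz

import (
	"testing"

	auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"google.golang.org/grpc/codes"
)

// TestCompositeCheckService pins how the service returned by NewCheckService
// combines the results of the authorization servers it is given.
//
// No case below expects an allow decision: each one ends either in an error
// with a nil response or in a PermissionDenied status.
//
// NOTE(review): how the caller treats a returned error is not visible here.
// If this service backs Envoy's ext_authz filter, an error only results in a
// denial while failure_mode_allow is left disabled; confirm in the deployment.
func TestCompositeCheckService(t *testing.T) {
	// expectError asserts that the check was rejected with an error and that no
	// response was handed back alongside it.
	expectError := func(t *testing.T, response *auth.CheckResponse, err error) {
		t.Helper()
		require.Error(t, err)
		require.Nil(t, response)
	}

	// expectDenied asserts an explicit PermissionDenied decision. The NotNil
	// guards turn a missing response or status into a clean test failure
	// instead of a nil-pointer panic on response.Status.Code.
	expectDenied := func(t *testing.T, response *auth.CheckResponse, err error) {
		t.Helper()
		require.NoError(t, err)
		require.NotNil(t, response)
		require.NotNil(t, response.Status)
		assert.Equal(t, int32(codes.PermissionDenied), response.Status.Code)
	}

	t.Run("without any services", func(t *testing.T) {
		// An empty delegate list must not produce a decision at all.
		svc := NewCheckService([]auth.AuthorizationServer{})

		response, err := svc.Check(t.Context(), &auth.CheckRequest{})
		expectError(t, response, err)
	})

	t.Run("with a single service", func(t *testing.T) {
		// The local service alone is expected to deny an empty CheckRequest.
		svc := NewCheckService([]auth.AuthorizationServer{
			NewLocalCheckService(),
		})

		response, err := svc.Check(t.Context(), &auth.CheckRequest{})
		expectDenied(t, response, err)
	})

	t.Run("with a multiple services", func(t *testing.T) {
		// A remote service built from nil is listed ahead of the local one, and
		// the overall result must still be the denial.
		// Presumably the remote delegate fails and the composite moves on to
		// the next entry; verify against NewCheckService.
		svc := NewCheckService([]auth.AuthorizationServer{
			NewRemoteCheckService(nil),
			NewLocalCheckService(),
		})

		response, err := svc.Check(t.Context(), &auth.CheckRequest{})
		expectDenied(t, response, err)
	})

	t.Run("with a multiple failing services", func(t *testing.T) {
		// With only nil-built remote services, the check must surface an error
		// and no response, never an allow.
		svc := NewCheckService([]auth.AuthorizationServer{
			NewRemoteCheckService(nil),
			NewRemoteCheckService(nil),
		})

		response, err := svc.Check(t.Context(), &auth.CheckRequest{})
		expectError(t, response, err)
	})
}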