import pytest

import flask
from flask_principal import Identity, Principal

from endpoints.v2.v2auth import get_tuf_root 
from auth import permissions
from util.security.registry_jwt import QUAY_TUF_ROOT, SIGNER_TUF_ROOT, DISABLED_TUF_ROOT
  
from test import testconfig
from mock import Mock


def admin_identity(namespace, reponame):
  identity = Identity('admin')
  identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'admin'))
  identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'admin'))
  return identity

def write_identity(namespace, reponame):
  identity = Identity('writer')
  identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'write'))
  identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'write'))
  return identity
  
def read_identity(namespace, reponame):
  identity = Identity('reader')
  identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'read'))
  identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'read'))
  return identity

def app_with_principal():
  app = flask.Flask(__name__)
  app.config.from_object(testconfig.TestConfig())
  principal = Principal(app) 
  return app, principal

@pytest.mark.parametrize('identity,expected', [
  (Identity('anon'), QUAY_TUF_ROOT),
  (read_identity("namespace", "repo"), QUAY_TUF_ROOT),
  (read_identity("different", "repo"), QUAY_TUF_ROOT),
  (admin_identity("different", "repo"), QUAY_TUF_ROOT),
  (write_identity("different", "repo"), QUAY_TUF_ROOT),
  (admin_identity("namespace", "repo"), SIGNER_TUF_ROOT),
  (write_identity("namespace", "repo"), SIGNER_TUF_ROOT),
])
def test_get_tuf_root(identity, expected):
  app, principal = app_with_principal()
  with app.test_request_context('/'):
    principal.set_identity(identity)
    actual = get_tuf_root(Mock(), "namespace", "repo")
    assert actual == expected, "should be %s, but was %s" % (expected, actual)
    
    
@pytest.mark.parametrize('trust_enabled,tuf_root', [
  (True, QUAY_TUF_ROOT),
  (False, DISABLED_TUF_ROOT),
])
def test_trust_disabled(trust_enabled,tuf_root):
  app, principal = app_with_principal()
  with app.test_request_context('/'):
    principal.set_identity(read_identity("namespace", "repo"))
    actual = get_tuf_root(Mock(trust_enabled=trust_enabled), "namespace", "repo")
    assert actual == tuf_root, "should be %s, but was %s" % (tuf_root, actual)