package iam

import (
	"fmt"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestAccountIDValidation(t *testing.T) {
	valid := []string{
		"my-random-kcc-resource",       // generic kebab case name
		"j1938sa-gke-connect",          // similar to hashed resource names created by controllers/talaria
		"a123456789101112jelsqweroasi", // max-length
		"cnrm-system",
		"foodoo", // min-length
	}

	for _, validID := range valid {
		if ok := ValidAccountID(validID); !ok {
			t.Errorf("\nExpected %s to be valid\n", validID)
		}
	}

	invalid := []string{
		"2foo-fun-times",
		"this-has-bad--dashes",
		"this-one-is-a-good-name-but-its-too-long",
		"short",
	}

	for _, invalidID := range invalid {
		if ok := ValidAccountID(invalidID); ok {
			t.Errorf("\nExpected %s to be invalid\n", invalidID)
		}
	}
}

func TestWorkloadIdentity(t *testing.T) {
	s := WorkloadIdentitySvcAccount("ret-edge-dev-infra", "edge-system", "edge-agent")
	assert.Equal(t, s, fmt.Sprintf("%s.svc.id.goog[%s/%s]", "ret-edge-dev-infra", "edge-system", "edge-agent"))
}

func TestUserMember(t *testing.T) {
	s := UserMember("swim@ncr.com")
	assert.Equal(t, s, fmt.Sprintf("user:%s", "swim@ncr.com"))
}

func TestSvcAccountMember(t *testing.T) {
	s := SvcAccountMember("cnrm-system@ret-edge-dev-infra.iam.gserviceaccount.com")
	assert.Equal(t, s, fmt.Sprintf("serviceAccount:%s", "cnrm-system@ret-edge-dev-infra.iam.gserviceaccount.com"))
}

func TestLoggingServiceAccount(t *testing.T) {
	projectNum := "113538564660"
	s := LoggingServiceAccountMember(projectNum)
	assert.Equal(t, s, fmt.Sprintf("serviceAccount:service-%s@gcp-sa-logging.iam.gserviceaccount.com", projectNum))
}