package parser

import (
	"testing"
)

func TestParseManifestsMultiDocAndSecretRedaction(t *testing.T) {
	input := []byte(`
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: app
        image: nginx
        env:
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-secret
              key: password
---
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo
spec:
  selector:
    app: web
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
  namespace: demo
data:
  password: c2VjcmV0
`)

	ds, err := ParseManifests(input)
	if err != nil {
		t.Fatalf("ParseManifests returned error: %v", err)
	}
	if got, want := ds.Summary.Resources, 3; got != want {
		t.Fatalf("resource count mismatch: got %d want %d", got, want)
	}

	sec := ds.Resources["demo/Secret/app-secret"]
	if sec == nil {
		t.Fatalf("secret not found")
	}
	if !sec.IsSensitive {
		t.Fatalf("secret should be sensitive")
	}
	data, ok := sec.Raw["data"].(map[string]any)
	if !ok {
		t.Fatalf("secret data should exist")
	}
	if got := data["password"]; got != "<redacted>" {
		t.Fatalf("secret value was not redacted: %v", got)
	}
}

func TestParseManifestsInvalidYAML(t *testing.T) {
	_, err := ParseManifests([]byte("apiVersion: v1\nkind"))
	if err == nil {
		t.Fatalf("expected parse error for invalid yaml")
	}
}

func TestParseDeploymentWithEnvFromConfigMapRef(t *testing.T) {
	input := []byte(`apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubeviz
  namespace: kubeviz
spec:
  selector:
    matchLabels:
      app: kubeviz
  template:
    metadata:
      labels:
        app: kubeviz
    spec:
      containers:
      - name: kubeviz
        image: kubeviz:latest
        envFrom:
        - configMapRef:
            name: kubeviz-config
`)

	ds, err := ParseManifests(input)
	if err != nil {
		t.Fatalf("ParseManifests returned error: %v", err)
	}
	if got, want := ds.Summary.Resources, 1; got != want {
		t.Fatalf("resource count mismatch: got %d want %d", got, want)
	}
}

func TestParseIngressTLSHostsAndSecretName(t *testing.T) {
	input := []byte(`apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubeviz
  namespace: kubeviz
spec:
  tls:
  - hosts:
    - kubeviz.local
    secretName: kubeviz-tls
  rules:
  - host: kubeviz.local
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubeviz
            port:
              number: 80
`)

	ds, err := ParseManifests(input)
	if err != nil {
		t.Fatalf("ParseManifests returned error: %v", err)
	}
	if got, want := ds.Summary.Resources, 1; got != want {
		t.Fatalf("resource count mismatch: got %d want %d", got, want)
	}
	if len(ds.Summary.Issues) != 0 {
		t.Fatalf("expected no parse issues, got: %+v", ds.Summary.Issues)
	}
}