#!/usr/bin/env bash
# tests/checks/run-tests.sh -- unit tests for scripts/checks/d011-*.sh (grows per batch).
# Batch 1: d011-01-charms (mock juju), d011-06-vault-unseal (mock ledger).
# Also an INTEGRATION assertion: run both via the real orchestrator against mocks.
set -u
SD="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"; REPO="$(cd "$SD/../.." && pwd)"
CHK="$REPO/scripts/checks"; VAL="$REPO/scripts/validate.sh"
P=0; F=0; ok(){ echo "PASS: $1"; P=$((P+1)); }; no(){ echo "FAIL: $1"; F=$((F+1)); }
chk(){ [ "$2" = "$3" ] && ok "$1" || no "$1 (got '$2' want '$3')"; }
W="$(mktemp -d)"; trap 'rm -rf "$W"' EXIT; mkdir -p "$W/bin"

# --- mock juju (scenario via MOCK_JUJU) ---
cat > "$W/bin/juju" <<'JM'
#!/usr/bin/env bash
case "${MOCK_JUJU:-ok}" in
  unreachable) echo "ERROR connection refused" >&2; exit 1 ;;
  notjson)     echo "not json at all" ;;
  blocked)     cat <<'J'
{"applications":{"nova":{"units":{"nova/0":{"workload-status":{"current":"blocked"},"juju-status":{"current":"idle"}}}}}}
J
  ;;
  gss)         cat <<'J'
{"applications":{"gss":{"units":{"gss/0":{"workload-status":{"current":"unknown"},"juju-status":{"current":"idle"}}}},
  "vault":{"units":{"vault/0":{"workload-status":{"current":"active"},"juju-status":{"current":"idle"},
   "subordinates":{"vault-mysql-router/0":{"workload-status":{"current":"active"},"juju-status":{"current":"idle"}}}}}}}}
J
  ;;
  *)           cat <<'J'
{"applications":{"vault":{"units":{"vault/0":{"workload-status":{"current":"active"},"juju-status":{"current":"idle"}}}}}}
J
  ;;
esac
JM
chmod +x "$W/bin/juju"; command -v jq >/dev/null || { echo "SKIP: jq absent"; exit 0; }

runchk(){ PATH="$W/bin:$PATH" bash "$CHK/d011-01-charms.sh" 2>&1; }

# d011-01-charms
OUT="$(MOCK_JUJU=ok runchk)"; chk "charms all-active PASS" "$?" 0
grep -qE '^RESULT d011-01-charms PASS 0 ' <<<"$OUT" && ok "charms PASS line" || no "charms PASS line"
OUT="$(MOCK_JUJU=blocked runchk)"; chk "charms blocked FAIL" "$?" 1
grep -q 'nova/0 workload=blocked' <<<"$OUT" && ok "charms names the bad unit" || no "charms names bad unit"
OUT="$(MOCK_JUJU=gss runchk)"; chk "charms gss-unknown tolerated PASS" "$?" 0
grep -q 'tolerate: gss/0' <<<"$OUT" && ok "charms tolerates gss" || no "charms tolerates gss"
OUT="$(MOCK_JUJU=unreachable runchk)"; chk "charms unreachable HOLD" "$?" 2
OUT="$(MOCK_JUJU=notjson runchk)"; chk "charms notjson HOLD" "$?" 2

# d011-06-vault-unseal (mock ledger via VR_LEDGER)
mkl="$(mktemp)"
mkledger(){ printf '| id | date | item | src | owner | status |\n|---|---|---|---|---|---|\n| SEC-003 | 2026-07-03 | unseal custody | D-069 | operator | %s |\n' "$1" > "$mkl"; }
runvault(){ VR_LEDGER="$mkl" bash "$CHK/d011-06-vault-unseal.sh" 2>&1; }
mkledger "OPEN -- assign custodians + rehearse"; OUT="$(runvault)"; chk "vault OPEN -> MANUAL(3)" "$?" 3
grep -qE '^RESULT d011-06-vault-unseal PASS_PENDING_MANUAL 3 ' <<<"$OUT" && ok "vault MANUAL line" || no "vault MANUAL line"
mkledger "CLOSED 2026-07-10 -- rehearsed by A.Jones (second person)"; OUT="$(runvault)"; chk "vault CLOSED -> PASS(0)" "$?" 0
mkledger "REHEARSED 2026-07-10"; OUT="$(runvault)"; chk "vault REHEARSED -> PASS(0)" "$?" 0
mkledger "banana"; OUT="$(runvault)"; chk "vault unknown-status -> HOLD(2)" "$?" 2
printf 'no sec-003 row here\n' > "$mkl"; OUT="$(runvault)"; chk "vault missing-row -> HOLD(2)" "$?" 2
OUT="$(VR_LEDGER=/nonexistent bash "$CHK/d011-06-vault-unseal.sh" 2>&1)"; chk "vault missing-file -> HOLD(2)" "$?" 2

# INTEGRATION: real orchestrator runs both checks against mocks, from the REAL checks dir
# (checks resolve lib-validate.sh relative to their own location, so they must run from
# scripts/checks/ with the library sibling present -- do NOT copy them to an isolated temp).
mkledger "OPEN -- outstanding"
OUT="$(MOCK_JUJU=ok VR_LEDGER="$mkl" VR_CHECKDIR="$CHK" PATH="$W/bin:$PATH" bash "$VAL" --checks d011-01-charms,d011-06-vault-unseal 2>&1)"; RC=$?
chk "orchestrator overall = PASS_PENDING_MANUAL(3)" "$RC" 3
grep -q 'MANUAL=1' <<<"$OUT" && ok "orchestrator counts manual" || no "orchestrator counts manual"
grep -q 'PASS=1' <<<"$OUT" && ok "orchestrator counts charms pass" || no "orchestrator counts charms pass"

echo; [ "$F" = 0 ] && { echo "ALL PASS ($P checks)"; exit 0; } || { echo "FAILURES: $F"; exit 1; }
