. $PSScriptRoot\..\..\Load-PesterModules.ps1
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.'
$functionPath = Join-Path -Path $here -ChildPath $sut
Write-Host "Overriding SUT: $functionPath"
Import-Module $functionPath -Force
$moduleForMock = ""

Describe "Get-AwsCredentialConfiguration" {

    # This is a private function, so Pester has a fit
    function ConvertTo-AwsCredentialEntry { param([System.Collections.ArrayList]$CredentialData) }

    Context "Logic" {

        It "Reads from Both Text-Based Credentials Files" {

            $expectedFileReads = @("credentials", "config")

            Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith {}

            Get-AwsCredentialConfiguration | Should -BeNullOrEmpty

            foreach ($fileRead in $expectedFileReads) {

                Assert-MockCalled -CommandName Get-Content -Scope It -Times 1 -Exactly -ParameterFilter { $Path -match "$fileRead$"}
            }
        }

        It "Writes a Warning and Exits Early if No Credentials Files Found" {

            Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith {}
            Mock -CommandName Write-Warning -ModuleName $moduleForMock -MockWith { }
            Mock -CommandName Write-Verbose -ModuleName $moduleForMock -MockWith { }
            Mock -CommandName Test-Path -ModuleName $moduleForMock -MockWith { return $false }

            Get-AwsCredentialConfiguration -Verbose
            Assert-MockCalled -CommandName Write-Warning -Scope It -Times 1 -Exactly -ParameterFilter { $Message -match "Unable to locate any configured AWS credentials sources" }
        }

        It "Writes a Warning and Exits Early if Credentials Files Found but Empty" {

            Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith { return @() }
            Mock -CommandName Write-Warning -ModuleName $moduleForMock -MockWith { }
            Mock -CommandName Write-Verbose -ModuleName $moduleForMock -MockWith { }
            Mock -CommandName Test-Path -ModuleName $moduleForMock -MockWith { return $true }

            Get-AwsCredentialConfiguration -Verbose
            Assert-MockCalled -CommandName Write-Warning -Scope It -Times 1 -Exactly -ParameterFilter { $Message -match "Unable to locate any configured AWS credentials sources" }
        }

        It "Parses the File Contents Appropriately" {

            Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith { return @( "[ErMerGerd]","role_arn=some_value","source_profile=another_value","region=some_region","mfa_serial=12345") } `
                -ParameterFilter { $Path -Match "credentials" }
            Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith { return @( "[AllInAll]","role_arn=Its","source_profile=Just","region=Another","mfa_serial=BrickInTheWall") } `
                -ParameterFilter { $Path -Match "config" }

            Mock -CommandName Test-Path -ModuleName $moduleForMock -MockWith { return $true }
            Mock -CommandName ConvertTo-AwsCredentialEntry -ModuleName $moduleForMock -MockWith { return $_ }

            $result = Get-AwsCredentialConfiguration
            $result | Should -HaveCount 2
            $firstResult = $result | Select -First 1
            $lastResult = $result | Select -Last 1

            $firstResult.Name | Should -BeExactly "AllInAll"
            $firstResult.role_arn | Should -BeExactly "Its"
            $firstResult.source_profile | Should -BeExactly "Just"
            $firstResult.region | Should -BeExactly "Another"
            $firstResult.mfa_serial | Should -BeExactly "BrickInTheWall"

            $lastResult.Name | Should -BeExactly "ErMerGerd"
            $lastResult.role_arn | Should -BeExactly "some_value"
            $lastResult.source_profile | Should -BeExactly "another_value"
            $lastResult.region | Should -BeExactly "some_region"
            $lastResult.mfa_serial | Should -BeExactly "12345"
        }

        It "Merges Profile Properties Preferring First In When Overlap Occurs" {

            Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith { return @( "[Shmoo]","role_arn=first_value","source_profile=first_value") } `
                -ParameterFilter { $Path -Match "config" }
            Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith { return @( "[Shmoo]","role_arn=second_value","region=a_value_not_in_object_one" ) } `
                -ParameterFilter { $Path -Match "credentials" }

            Mock -CommandName Test-Path -ModuleName $moduleForMock -MockWith { return $true }
            Mock -CommandName ConvertTo-AwsCredentialEntry -ModuleName $moduleForMock -MockWith { return $_ }

            $result = Get-AwsCredentialConfiguration
            $result | Should -HaveCount 1
            $result.role_arn | Should -Be "first_value"
            $result.source_profile | Should -BeExactly "first_value"
            $result.region | Should -BeExactly "a_value_not_in_object_one"
            $result.mfa_serial | Should -BeNullOrEmpty
        }

        It "Refuses to Return Properties Defined as Sensitive" {

            Mock -CommandName Test-Path -ModuleName $moduleForMock -MockWith { return $true }
            Mock -CommandName ConvertTo-AwsCredentialEntry -ModuleName $moduleForMock -MockWith { return $_ }

            $propertiesToIgnore = @("aws_secret_access_key", "aws_session_token")
            foreach ($property in $propertiesToIgnore) {

                Mock -CommandName Get-Content -ModuleName $moduleForMock -MockWith { return @( "[OhSay]","role_arn=Can","source_profile=You","$property=See") } `
                    -ParameterFilter { $Path -Match "config" }

                $result = Get-AwsCredentialConfiguration
                $result[0].$property | Should -BeNullOrEmpty
            }
        }
    }
}