# -*- coding: utf-8 -*-
# Copyright 2018 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Integration tests for pap command."""

from __future__ import absolute_import

import gslib.tests.testcase as testcase
from gslib.tests.testcase.integration_testcase import SkipForGS
from gslib.tests.testcase.integration_testcase import SkipForJSON
from gslib.tests.testcase.integration_testcase import SkipForXML
from gslib.tests.util import ObjectToURI as suri
from gslib.tests.util import SetBotoConfigForTest


class TestPublicAccessPrevention(testcase.GsUtilIntegrationTestCase):
  """Integration tests for pap command."""

  _set_pap_cmd = ['pap', 'set']
  _get_pap_cmd = ['pap', 'get']

  @SkipForXML('Public access prevention only runs on GCS JSON API')
  def test_off_on_default_buckets(self):
    bucket_uri = self.CreateBucket()
    self.VerifyPublicAccessPreventionValue(bucket_uri, 'inherited')

  @SkipForXML('Public access prevention only runs on GCS JSON API')
  def test_turning_off_on_enabled_buckets(self):
    bucket_uri = self.CreateBucket(public_access_prevention='enforced',
                                   prefer_json_api=True)
    self.VerifyPublicAccessPreventionValue(bucket_uri, 'enforced')

    self.RunGsUtil(self._set_pap_cmd + ['inherited', suri(bucket_uri)])
    self.VerifyPublicAccessPreventionValue(bucket_uri, 'inherited')

  @SkipForXML('Public access prevention only runs on GCS JSON API')
  def test_turning_on(self):
    bucket_uri = self.CreateBucket()
    self.RunGsUtil(self._set_pap_cmd + ['enforced', suri(bucket_uri)])
    self.VerifyPublicAccessPreventionValue(bucket_uri, 'enforced')

  @SkipForXML('Public access prevention only runs on GCS JSON API')
  def test_turning_on_and_off(self):
    bucket_uri = self.CreateBucket()

    self.RunGsUtil(self._set_pap_cmd + ['enforced', suri(bucket_uri)])
    self.VerifyPublicAccessPreventionValue(bucket_uri, 'enforced')

    self.RunGsUtil(self._set_pap_cmd + ['inherited', suri(bucket_uri)])
    self.VerifyPublicAccessPreventionValue(bucket_uri, 'inherited')

  @SkipForXML('Public access prevention only runs on GCS JSON API')
  def test_multiple_buckets(self):
    bucket_uri1 = self.CreateBucket()
    bucket_uri2 = self.CreateBucket()
    stdout = self.RunGsUtil(
        self._get_pap_cmd +
        [suri(bucket_uri1), suri(bucket_uri2)],
        return_stdout=True)
    self.assertRegex(stdout, r'%s:\s+inherited' % suri(bucket_uri1))
    self.assertRegex(stdout, r'%s:\s+inherited' % suri(bucket_uri2))

  @SkipForJSON('Testing XML only behavior')
  def test_xml_fails(self):
    # use HMAC for force XML API
    boto_config_hmac_auth_only = [
        # Overwrite other credential types.
        ('Credentials', 'gs_oauth2_refresh_token', None),
        ('Credentials', 'gs_service_client_id', None),
        ('Credentials', 'gs_service_key_file', None),
        ('Credentials', 'gs_service_key_file_password', None),
        # Add hmac credentials.
        ('Credentials', 'gs_access_key_id', 'dummykey'),
        ('Credentials', 'gs_secret_access_key', 'dummysecret'),
    ]
    with SetBotoConfigForTest(boto_config_hmac_auth_only):
      bucket_uri = 'gs://any-bucket-name'
      stderr = self.RunGsUtil(self._set_pap_cmd + ['inherited', bucket_uri],
                              return_stderr=True,
                              expected_status=1)
      self.assertIn('command can only be with the Cloud Storage JSON API',
                    stderr)

      stderr = self.RunGsUtil(self._get_pap_cmd + [bucket_uri],
                              return_stderr=True,
                              expected_status=1)
      self.assertIn('command can only be with the Cloud Storage JSON API',
                    stderr)

  @SkipForGS('Testing S3 only behavior')
  def test_s3_fails(self):
    bucket_uri = self.CreateBucket()
    stderr = self.RunGsUtil(self._set_pap_cmd +
                            ['inherited', suri(bucket_uri)],
                            return_stderr=True,
                            expected_status=1)
    if self._use_gcloud_storage:
      self.assertIn('Flags disallowed for S3', stderr)
    else:
      self.assertIn('command can only be used for GCS Buckets', stderr)

    if not self._use_gcloud_storage:
      # gcloud storage uses a generic buckets describe command for this, and it
      # would not print a result instead of erroring.
      stderr = self.RunGsUtil(self._get_pap_cmd + [suri(bucket_uri)],
                              return_stderr=True,
                              expected_status=1)
      self.assertIn('command can only be used for GCS Buckets', stderr)

  def test_set_too_few_arguments_fails(self):
    stderr = self.RunGsUtil(self._set_pap_cmd,
                            return_stderr=True,
                            expected_status=1)
    self.assertIn('command requires at least', stderr)

  def test_get_too_few_arguments_fails(self):
    stderr = self.RunGsUtil(self._get_pap_cmd,
                            return_stderr=True,
                            expected_status=1)
    self.assertIn('command requires at least', stderr)

  def test_no_subcommand_fails(self):
    stderr = self.RunGsUtil(['pap'], return_stderr=True, expected_status=1)
    self.assertIn('command requires at least', stderr)

  def test_invalid_subcommand_fails(self):
    stderr = self.RunGsUtil(['pap', 'fakecommand', 'test'],
                            return_stderr=True,
                            expected_status=1)
    self.assertIn('Invalid subcommand', stderr)