package auth

import "testing"

func TestResolveRoles(t *testing.T) {
	roles := ResolveRoles(
		[]string{
			"cn=vctp-admins,ou=groups,dc=example,dc=com",
			" CN=VCTP-VIEWERS,OU=GROUPS,DC=EXAMPLE,DC=COM ",
		},
		map[string]string{
			"cn=vctp-admins,ou=groups,dc=example,dc=com":  "admin",
			"cn=vctp-viewers,ou=groups,dc=example,dc=com": "viewer",
		},
	)

	if len(roles) != 2 {
		t.Fatalf("expected 2 roles, got %d (%#v)", len(roles), roles)
	}
	if roles[0] != "admin" || roles[1] != "viewer" {
		t.Fatalf("unexpected resolved roles: %#v", roles)
	}
}

func TestHasAnyGroup(t *testing.T) {
	groups := []string{
		"cn=vctp-admins,ou=groups,dc=example,dc=com",
	}

	if !HasAnyGroup(groups, []string{" cn=vctp-admins,ou=groups,dc=example,dc=com "}) {
		t.Fatal("expected group intersection to match")
	}
	if HasAnyGroup(groups, []string{"cn=vctp-operators,ou=groups,dc=example,dc=com"}) {
		t.Fatal("expected no intersection")
	}
	if !HasAnyGroup(groups, nil) {
		t.Fatal("expected empty required groups to allow")
	}
}