package authz

import (
	"os"
	"testing"
)

func TestNewAllowedSigner(t *testing.T) {
	line, err := os.ReadFile("testdata/operator.pub")
	if err != nil {
		t.Fatal(err)
	}
	s, err := NewAllowedSigner("felhom-op-1", RoleOperational, string(line))
	if err != nil {
		t.Fatalf("NewAllowedSigner: %v", err)
	}
	if s.KeyID != "felhom-op-1" || s.Role != RoleOperational || s.PublicKey == nil {
		t.Errorf("signer = %+v", s)
	}
	if s.PublicKey.Type() != "ssh-ed25519" {
		t.Errorf("key type = %q", s.PublicKey.Type())
	}
}

func TestNewAllowedSigner_BadRole(t *testing.T) {
	line, _ := os.ReadFile("testdata/operator.pub")
	if _, err := NewAllowedSigner("k", "bogus", string(line)); err == nil {
		t.Fatal("invalid role should error")
	}
}

func TestNewAllowedSigner_BadLine(t *testing.T) {
	if _, err := NewAllowedSigner("k", RoleOperational, "not a key"); err == nil {
		t.Fatal("malformed key line should error")
	}
}