flex-auth/pkg/api/resource_manifest_test.go

package api_test

import (
	"os"
	"path/filepath"
	"testing"

	"gopkg.in/yaml.v3"

	"github.com/netkingdom/flex-auth/pkg/api"
)

// TestResourceManifestExampleParses is the golden test for the pinned
// FlexAuthResourceManifest shape. It loads examples/markitect/resource_manifest.yaml
// and verifies every field the Markitect emitter produces.
func TestResourceManifestExampleParses(t *testing.T) {
	path := filepath.Join("..", "..", "examples", "markitect", "resource_manifest.yaml")
	data, err := os.ReadFile(path)
	if err != nil {
		t.Fatalf("read %s: %v", path, err)
	}

	var got api.ResourceManifest
	if err := yaml.Unmarshal(data, &got); err != nil {
		t.Fatalf("unmarshal: %v", err)
	}

	if got.ID != "markitect-example-knowledge-base" {
		t.Errorf("ID = %q; want markitect-example-knowledge-base", got.ID)
	}
	if got.System != "markitect-tool" {
		t.Errorf("System = %q; want markitect-tool", got.System)
	}
	if got.Metadata["flex_auth_contract"] != api.FlexAuthContractV0 {
		t.Errorf("metadata.flex_auth_contract = %v; want %q", got.Metadata["flex_auth_contract"], api.FlexAuthContractV0)
	}

	wantActions := []string{"read", "query", "search", "package", "export"}
	if len(got.Actions) != len(wantActions) {
		t.Fatalf("Actions len = %d; want %d", len(got.Actions), len(wantActions))
	}
	for i, a := range wantActions {
		if got.Actions[i] != a {
			t.Errorf("Actions[%d] = %q; want %q", i, got.Actions[i], a)
		}
	}

	if len(got.Resources) != 3 {
		t.Fatalf("Resources len = %d; want 3", len(got.Resources))
	}

	kb := got.Resources[0]
	if kb.ID != "knowledge-base:markitect-example" || kb.Type != "knowledge_base" {
		t.Errorf("resources[0] = %+v; want knowledge-base header", kb)
	}
	if kb.TrustZone != "public" {
		t.Errorf("resources[0].trust_zone = %q; want public", kb.TrustZone)
	}

	internal := got.Resources[2]
	if internal.ID != "document:internal-note" {
		t.Errorf("resources[2].ID = %q; want document:internal-note", internal.ID)
	}
	if internal.Parent != "knowledge-base:markitect-example" {
		t.Errorf("resources[2].parent = %q; want knowledge-base:markitect-example", internal.Parent)
	}
	if internal.TrustZone != "internal" {
		t.Errorf("resources[2].trust_zone = %q; want internal", internal.TrustZone)
	}
	if len(internal.Labels) != 1 || internal.Labels[0] != "internal" {
		t.Errorf("resources[2].labels = %v; want [internal]", internal.Labels)
	}
}

func TestResourceManifestRequiredFields(t *testing.T) {
	const minimalYAML = `id: m1
system: s1
resources:
  - id: r1
    type: document
`
	var m api.ResourceManifest
	if err := yaml.Unmarshal([]byte(minimalYAML), &m); err != nil {
		t.Fatalf("unmarshal: %v", err)
	}
	if m.ID == "" || m.System == "" || len(m.Resources) != 1 {
		t.Fatalf("minimal manifest did not round-trip: %+v", m)
	}
}