"""Tests for warden.models."""
from pathlib import Path

import pytest

from warden.models import (
    ACTOR_PREFIX,
    DEFAULT_TTL_HOURS,
    ActorType,
    CertSpec,
    validate_actor_name,
)


def test_default_ttl_per_type():
    assert DEFAULT_TTL_HOURS[ActorType.ADM] == 48
    assert DEFAULT_TTL_HOURS[ActorType.AGT] == 24
    assert DEFAULT_TTL_HOURS[ActorType.ATM] == 8


def test_actor_prefix_map():
    assert ACTOR_PREFIX[ActorType.ADM] == "adm-"
    assert ACTOR_PREFIX[ActorType.AGT] == "agt-"
    assert ACTOR_PREFIX[ActorType.ATM] == "atm-"


@pytest.mark.parametrize("name,actor_type", [
    ("adm-bernd", ActorType.ADM),
    ("agt-incident-resolver-v2", ActorType.AGT),
    ("atm-backup-daily", ActorType.ATM),
])
def test_validate_actor_name_valid(name, actor_type):
    validate_actor_name(name, actor_type)  # should not raise


@pytest.mark.parametrize("name,actor_type", [
    ("bernd", ActorType.ADM),
    ("automation-backup", ActorType.ATM),
    ("agt-bridge", ActorType.ADM),  # wrong type for prefix
    ("atm-backup", ActorType.AGT),
])
def test_validate_actor_name_invalid(name, actor_type):
    with pytest.raises(ValueError, match="must start with"):
        validate_actor_name(name, actor_type)


def test_certspec_default_identity():
    spec = CertSpec(
        actor_name="agt-test",
        actor_type=ActorType.AGT,
        pubkey_path=Path("/tmp/key.pub"),
        ttl_hours=24,
        principals=["agt-task-bridge"],
    )
    assert spec.identity == "agt-test"


def test_certspec_explicit_identity():
    spec = CertSpec(
        actor_name="agt-test",
        actor_type=ActorType.AGT,
        pubkey_path=Path("/tmp/key.pub"),
        ttl_hours=24,
        principals=["agt-task-bridge"],
        identity="custom-identity",
    )
    assert spec.identity == "custom-identity"