"""Tests for scripts/build_flex_auth_registry.py."""
import json
import subprocess
import sys
from pathlib import Path

import yaml

ROOT = Path(__file__).resolve().parents[1]
SCRIPT = ROOT / "scripts" / "build_flex_auth_registry.py"
INVENTORY = ROOT / "examples" / "inventory.seed.yaml"


def test_build_registry_from_inventory_seed(tmp_path):
    out = tmp_path / "registry.json"
    subprocess.run(
        [sys.executable, str(SCRIPT), str(INVENTORY), "-o", str(out)],
        check=True,
        cwd=ROOT,
    )
    registry = json.loads(out.read_text())
    actors = yaml.safe_load(INVENTORY.read_text())["actors"]

    assert len(registry["subjects"]) == len(actors)
    assert len(registry["resource_manifests"][0]["resources"]) == len(actors)

    bridge = next(
        r
        for r in registry["resource_manifests"][0]["resources"]
        if r["id"] == "ssh-cert:actor/agt-state-hub-bridge"
    )
    assert bridge["attributes"]["actor_type"] == "agt"
    assert bridge["attributes"]["max_ttl_hours"] == 24
    assert "agt-task-bridge" in bridge["attributes"]["allowed_principals"]