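#!/usr/bin/env bash
# PURPOSE: Test to verify update_sops.sh script
#
# Interactive walk-through: runs ../bin/update_sops.sh against a mock secrets
# file and checks where the resulting .sops.yaml ends up. Pauses with `read`
# between steps, so it needs a terminal on stdin.
# Requires: yq, sops, git (all invoked below).
set -ueo pipefail

# Resolve the script directory to an absolute path BEFORE changing into it;
# a relative BASH_SOURCE path would no longer resolve once the cwd has moved.
script_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
cd -- "${script_dir}"

# keys_dir / sops_cfg_dir are only referenced by the commented-out
# "Full Args" sample further down.
keys_dir="${script_dir}/.."
# deliberate just "dot" for current dir
sops_cfg_dir=.
secrets_file="mock_secrets.yaml"

# prerequisite: for verification of sops config, idempotent create file with a
# mock secret, src: https://bash-org-archive.com/?244321
if [[ ! -e "${secrets_file}" ]]; then
  if ! { yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" \
    && sops -e -i "${secrets_file}"; }; then
    # Never leave a plaintext (or empty) file behind: the existence check
    # above would skip encryption on the next run and the rest of the test
    # would treat the file as already encrypted.
    rm -f -- "${secrets_file}"
    printf 'failed to create encrypted %s\n' "${secrets_file}" >&2
    exit 1
  fi
fi

# Command tracing starts only after the mock secret has been written.
set -x

# SAMPLE COMMANDS - manually uncomment to try out

# minimal operation: update .sops.yaml, update keys in encrypted file
../bin/update_sops.sh -c "${PWD}" "${secrets_file}"

# Full Args: specify path to each, also for secrets, mix specified and positional params
# ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" -s "${secrets_file}" "${secrets_file}"

# TEST: induce error: invalid file
# ../bin/update_sops.sh "${secrets_file}" -s non_existing_secrets.yaml

# Special Case: Add caveat header
# Unquoted delimiter on purpose: $( cat .sops.yaml ) must expand so the
# generated config is appended below the two header lines.
cat <<EOM > .sops.yaml.tmp
# PURPOSE: BLUEPRINT for .sops.yaml config
# CAVEAT: DO NOT USE THIS FILE AS-IS in another project; copy it and remove the unauthorised users
$( cat .sops.yaml )
EOM
mv .sops.yaml.tmp .sops.yaml

# TEST
# define "fixture"
repo_root="$(git rev-parse --show-toplevel)"

read -r -p "start testing?" __var

# ---
# create sops cfg in curdir
rm .sops.yaml
../bin/update_sops.sh -c "${PWD}" -s "${secrets_file}"
# Config must land in the current dir and must NOT appear at the repo root.
test -e "${PWD}/.sops.yaml"
test ! -e "${repo_root}/.sops.yaml"

read -r -p "next test?" __var

# ---
# create sops cfg in default (repo root)
rm .sops.yaml
# note: fail if for any reason sops config defined at top level; this repo should not have this!
# Precondition: abort (set -e) when a repo-root config already exists, so the
# final assertion can only pass because update_sops.sh created the file.
test ! -e "${repo_root}/.sops.yaml"
../bin/update_sops.sh -s "${secrets_file}"
test ! -e "${PWD}/.sops.yaml"
test -e "${repo_root}/.sops.yaml"
# NOTE(review): nothing in this part of the script removes
# ${repo_root}/.sops.yaml afterwards; until it is deleted, a rerun stops at
# the precondition above, and the file should not be committed.

read -r -p "next test?" __var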