# Tests success paths for secret management:
#
# 1. Tests that creating a secret passphrase results in the Barbican secret
#    ref being returned.
# 2. Tests that the same happens when querying revision documents.

defaults:
  request_headers:
    content-type: application/x-yaml
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']
  response_headers:
    content-type: application/x-yaml
  verbose: true

tests:
  - name: purge
    desc: Begin testing from known state.
    DELETE: /api/v1.0/revisions
    status: 204
    response_headers: null

  - name: create_encrypted_passphrase
    desc: Create passphrase with storagePolicy=encrypted
    PUT: /api/v1.0/buckets/secret/documents
    status: 200
    data: |-
      ---
      schema: deckhand/Passphrase/v1
      metadata:
        schema: metadata/Document/v1
        name: my-passphrase
        storagePolicy: encrypted
      data: not-a-real-password
      ...
    response_multidoc_jsonpaths:
      $.`len`: 1
      # NOTE(fmontei): jsonpath-rw-ext uses a 1 character separator (rather than allowing a string)
      # leading to this nastiness:
      $.[0].data.`split(:, 0, 1)` + "://" + $.[0].data.`split(/, 2, 3)` + "/v1": $ENVIRON['TEST_BARBICAN_URL']

  - name: verify_revision_documents_returns_secret_ref
    desc: Verify that the documents for the created revision returns the secret ref.
    GET: /api/v1.0/revisions/$RESPONSE['$.[0].status.revision']/documents
    status: 200
    response_multidoc_jsonpaths:
      $.`len`: 1
      # NOTE(fmontei): jsonpath-rw-ext uses a 1 character separator (rather than allowing a string)
      # leading to this nastiness:
      $.[0].data.`split(:, 0, 1)` + "://" + $.[0].data.`split(/, 2, 3)` + "/v1": $ENVIRON['TEST_BARBICAN_URL']