import 'package:podman/podman.dart';
import 'package:test/test.dart';

import 'support/fake_podman_transport.dart';

void main() {
  group('PodmanClient secrets API', () {
    test('supports create, list, inspect, exists, and remove', () async {
      final transport = FakePodmanTransport()
        ..enqueue(
          method: HttpMethod.post,
          path: '/v5.0.0/libpod/secrets/create',
          queryParameters: const <String, List<String>>{
            'name': <String>['jwt-signing-key'],
            'driver': <String>['file'],
            'driveropts': <String>['mode=0400'],
            'labels': <String>['service=auth'],
          },
          body: 'super-secret',
          statusCode: 200,
          responseBody: const <String, Object?>{'ID': 'secret-123'},
        )
        ..enqueue(
          method: HttpMethod.get,
          path: '/v5.0.0/libpod/secrets/json',
          responseBody: <Object?>[
            <String, Object?>{
              'ID': 'secret-123',
              'CreatedAt': '2026-01-01T00:00:00Z',
              'UpdatedAt': '2026-01-01T00:00:00Z',
              'Spec': <String, Object?>{
                'Name': 'jwt-signing-key',
                'Driver': <String, Object?>{'Name': 'file'},
                'Labels': <String, String>{'service': 'auth'},
              },
            },
          ],
        )
        ..enqueue(
          method: HttpMethod.get,
          path: '/v5.0.0/libpod/secrets/jwt-signing-key/json',
          queryParameters: const <String, List<String>>{
            'showsecret': <String>['true'],
          },
          responseBody: const <String, Object?>{
            'ID': 'secret-123',
            'SecretData': 'super-secret',
            'Spec': <String, Object?>{
              'Name': 'jwt-signing-key',
              'Driver': <String, Object?>{'Name': 'file'},
              'Labels': <String, String>{'service': 'auth'},
            },
          },
        )
        ..enqueue(
          method: HttpMethod.get,
          path: '/v5.0.0/libpod/secrets/jwt-signing-key/exists',
          statusCode: 204,
        )
        ..enqueue(
          method: HttpMethod.delete,
          path: '/v5.0.0/libpod/secrets/jwt-signing-key',
          statusCode: 204,
        );

      final client = PodmanClient(transport: transport);

      final created = await client.createSecret(
        const SecretCreateOptions(
          name: 'jwt-signing-key',
          data: 'super-secret',
          driver: 'file',
          driverOptions: <String, String>{'mode': '0400'},
          labels: <String, String>{'service': 'auth'},
        ),
      );
      expect(created.id, 'secret-123');

      final secrets = await client.listSecrets();
      expect(secrets, hasLength(1));
      expect(secrets.first.name, 'jwt-signing-key');
      expect(secrets.first.driver, 'file');

      final details = await client.inspectSecret(
        'jwt-signing-key',
        showSecret: true,
      );
      expect(details.secretData, 'super-secret');
      expect(details.labels['service'], 'auth');

      final exists = await client.secretExists('jwt-signing-key');
      expect(exists, isTrue);

      await client.removeSecret('jwt-signing-key');
      transport.expectNoPending();
    });
  });
}