---
# Test AWS credential reading from files
# Run with: ansible-playbook tests/test-aws-credentials.yml

- name: Test AWS credential file reading
  hosts: localhost
  gather_facts: no
  vars:
    # These would normally come from config.cfg
    cloud_providers:
      ec2:
        use_existing_eip: false

  tasks:
    - name: Test with environment variables
      block:
        - include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            algo_server_name: test-server

        - assert:
            that:
              - access_key == "test_env_key"
              - secret_key == "test_env_secret"
            msg: "Environment variables should take precedence"
      vars:
        AWS_ACCESS_KEY_ID: "test_env_key"
        AWS_SECRET_ACCESS_KEY: "test_env_secret"
      environment:
        AWS_ACCESS_KEY_ID: "test_env_key"
        AWS_SECRET_ACCESS_KEY: "test_env_secret"

    - name: Test with command line variables
      block:
        - include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            aws_access_key: "test_cli_key"
            aws_secret_key: "test_cli_secret"
            algo_server_name: test-server
            region: "us-east-1"

        - assert:
            that:
              - access_key == "test_cli_key"
              - secret_key == "test_cli_secret"
            msg: "Command line variables should take precedence over everything"

    - name: Test reading from credentials file
      block:
        - name: Create test credentials directory
          file:
            path: /tmp/test-aws
            state: directory
            mode: '0700'

        - name: Create test credentials file
          copy:
            dest: /tmp/test-aws/credentials
            mode: '0600'
            content: |
              [default]
              aws_access_key_id = test_file_key
              aws_secret_access_key = test_file_secret

              [test-profile]
              aws_access_key_id = test_profile_key
              aws_secret_access_key = test_profile_secret
              aws_session_token = test_session_token

        - name: Test default profile
          include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            algo_server_name: test-server
            region: "us-east-1"
          environment:
            HOME: /tmp/test-aws
            AWS_ACCESS_KEY_ID: ""
            AWS_SECRET_ACCESS_KEY: ""

        - assert:
            that:
              - access_key == "test_file_key"
              - secret_key == "test_file_secret"
            msg: "Should read from default profile"

        - name: Test custom profile
          include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            algo_server_name: test-server
            region: "us-east-1"
          environment:
            HOME: /tmp/test-aws
            AWS_PROFILE: "test-profile"
            AWS_ACCESS_KEY_ID: ""
            AWS_SECRET_ACCESS_KEY: ""

        - assert:
            that:
              - access_key == "test_profile_key"
              - secret_key == "test_profile_secret"
              - session_token == "test_session_token"
            msg: "Should read from custom profile with session token"

        - name: Cleanup test directory
          file:
            path: /tmp/test-aws
            state: absent