import logging
from logging.handlers import TimedRotatingFileHandler
from pathlib import Path

from pam_deploy_graph.logging_utils import configure_logging, json_for_log, redact_for_log


def test_redact_for_log_masks_sensitive_keys_and_inline_assignments():
    payload = {
        "CLIENT_SECRET": "home-secret",
        "api_key": "llm-key",
        "nested": {
            "Authorization": "Bearer token-value",
            "message": "CLIENT_SECRET=abc api_key:xyz Authorization=Bearer raw-token header Bearer plain-token",
        },
    }

    redacted = redact_for_log(payload)
    serialized = json_for_log(payload)

    assert redacted["CLIENT_SECRET"] == "***"
    assert redacted["api_key"] == "***"
    assert redacted["nested"]["Authorization"] == "***"
    assert "home-secret" not in serialized
    assert "llm-key" not in serialized
    assert "token-value" not in serialized
    assert "CLIENT_SECRET=***" in serialized
    assert "api_key:***" in serialized
    assert "Authorization=***" in serialized
    assert "Bearer ***" in serialized
    assert "raw-token" not in serialized
    assert "plain-token" not in serialized


def test_configure_logging_uses_daily_rotation_and_retention(tmp_path: Path):
    log_path = tmp_path / "pam_deploy_agent.log"
    package_logger = logging.getLogger("pam_deploy_graph")
    previous_handlers = list(package_logger.handlers)
    for handler in previous_handlers:
        package_logger.removeHandler(handler)

    try:
        result = configure_logging(log_file=log_path, level="DEBUG", retention_days=3)

        assert result == log_path
        handlers = [handler for handler in package_logger.handlers if isinstance(handler, TimedRotatingFileHandler)]
        assert len(handlers) == 1
        handler = handlers[0]
        assert Path(handler.baseFilename) == log_path.resolve()
        assert handler.when == "MIDNIGHT"
        assert handler.backupCount == 3
        assert package_logger.level == logging.DEBUG

        configure_logging(log_file=log_path, level="INFO", retention_days=5)

        handlers = [handler for handler in package_logger.handlers if isinstance(handler, TimedRotatingFileHandler)]
        assert len(handlers) == 1
        assert handlers[0] is handler
        assert handler.backupCount == 5
        assert package_logger.level == logging.INFO
    finally:
        for handler in list(package_logger.handlers):
            package_logger.removeHandler(handler)
            handler.close()
        for handler in previous_handlers:
            package_logger.addHandler(handler)