# frozen_string_literal: true

audit = command(
  "/usr/bin/apt-config dump --no-empty --format '%f=%v%n' Unattended-Upgrade"
).stdout

options = {
  assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
  multiple_values: true
}

control 'Apt unattended upgrades' do
  title 'should be configured'

  describe file('/etc/apt/apt.conf.d/50unattended-upgrades') do
    it { should be_file }
    it { should be_owned_by 'root' }
    it { should be_grouped_into 'root' }
    its('mode') { should cmp '0644' }
  end

  describe file('/etc/apt/apt.conf.d/10periodic') do
    it { should exist }
    it { should be_owned_by 'root' }
    it { should be_grouped_into 'root' }
    its('mode') { should cmp '0644' }
    its(:content) do
      should match(
        'APT::Periodic::Enable "1";'
      )
    end
  end

  describe parse_config(audit, options) do
    its('Unattended-Upgrade::Allowed-Origins::') { should include 'origin1' }
    its('Unattended-Upgrade::Mail') { should include 'root' }
    its('Unattended-Upgrade::MailReport') { should include 'only-on-error' }
    its('Unattended-Upgrade::Package-Blacklist::') { should include 'salt-test' }
    its('Unattended-Upgrade::Automatic-Reboot') { should include 'False' }
    its('Unattended-Upgrade::SyslogEnable') { should include 'True' }
    its('Unattended-Upgrade::SyslogFacility') { should include 'auth' }
    its('Unattended-Upgrade::Remove-Unused-Dependencies') { should include 'True' }
    its('Unattended-Upgrade::Keep-Debs-After-Install') { should include 'False' }
    its('Unattended-Upgrade::Update-Days::') { should include 'Wed' }
  end
end