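#!/usr/bin/env bash
#
# Policy test for the "personnel" backup dataset.
#
# Using the backup library helpers and Makefile dry runs, it checks that:
#   - the "full" and "personnel" dataset profiles are accepted and an unknown
#     profile is rejected with an "unknown backup dataset" message,
#   - the personnel manifest is marked with the staging-rehearsal scope,
#   - the personnel dataset manifest documents the Hydra / relying-party
#     exclusions and the credential reset restore policy,
#   - the Makefile dump and restore targets carry the dataset selection.
#
# Requires: bash, jq, make, and the scripts/backup/lib helpers of this repo.
set -euo pipefail

repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# Print an error to stderr and abort the test run.
fail() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Fail unless $1 (captured output) contains $2 as a fixed string.
assert_contains() {
  local output="$1"
  local expected="$2"
  grep -Fq -- "$expected" <<<"$output" || fail "output must contain: $expected"
}

# Fail if the path $1 exists (file, directory or any other entry).
assert_not_exists() {
  local path="$1"
  [[ ! -e "$path" ]] || fail "path must not exist: $path"
}

source "$repo_root/scripts/backup/lib/common.sh"
source "$repo_root/scripts/backup/lib/manifest.sh"
source "$repo_root/scripts/backup/lib/personnel_dataset.sh"

[[ "$(normalize_dataset_profile full)" == "full" ]] \
  || fail "full dataset profile must be accepted"
[[ "$(normalize_dataset_profile personnel)" == "personnel" ]] \
  || fail "personnel dataset profile must be accepted"

# Capture the rejection message in a variable rather than a fixed file name
# under /tmp: a predictable path in a world-writable directory can be
# pre-created or symlinked by another local user, and it was never removed.
if rejection_output="$(normalize_dataset_profile unknown 2>&1)"; then
  fail "unknown dataset profile must be rejected"
fi
assert_contains "$rejection_output" "unknown backup dataset"

tmp_dir="$(mktemp -d /tmp/baron-sso-personnel-dataset.XXXXXX)"

# Remove the scratch directory on every exit path; :? refuses an empty path.
cleanup() {
  rm -rf -- "${tmp_dir:?}"
}
trap cleanup EXIT
# A signal handler that only cleans up would let the script keep running
# against a deleted directory, so exit and let the EXIT trap do the cleanup.
trap 'exit 130' INT
trap 'exit 143' TERM

create_manifest "$tmp_dir" "maintenance" "postgres ory-postgres" "personnel"
jq -e '.dataset == "personnel" and .environment_scope == "staging-rehearsal"' \
  "$tmp_dir/manifest.json" >/dev/null \
  || fail "personnel manifest must mark the staging rehearsal dataset scope"

mkdir -p "$tmp_dir/datasets/personnel/reports"
write_personnel_dataset_manifest "$tmp_dir" "postgres ory-postgres"
dataset_manifest="$tmp_dir/datasets/personnel/dataset-manifest.json"

# The exclusion list is the security-relevant part of the policy: the OAuth
# provider database and the relying-party / consent tables must be documented
# as left out of the personnel dataset, and credentials reset on restore.
jq -e '
  .dataset == "personnel"
  and (.excluded.databases | index("ory_hydra"))
  and (.excluded.tables | index("public.relying_parties"))
  and (.excluded.tables | index("public.rp_user_metadata"))
  and (.excluded.tables | index("public.client_consents"))
  and (.restore_policy.reset_credentials == true)
' "$dataset_manifest" >/dev/null \
  || fail "personnel dataset manifest must document Hydra/RP exclusions and credential reset policy"

# NOTE(review): nothing visible in this script runs a dump into $tmp_dir, so
# these two checks only prove that the manifest helpers do not create dump
# files as a side effect. They do not prove that a real personnel dump omits
# the Hydra data - confirm that is covered by another test.
assert_not_exists "$tmp_dir/postgres/ory_hydra.dump"
assert_not_exists "$tmp_dir/postgres/baron.dump"

# make --dry-run prints recipes instead of running them; recipe lines marked
# with "+" or invoking $(MAKE) are still executed by make, so the dump and
# restore targets should stay free of those for this test to remain read-only.
dump_dry_run="$(
  make --dry-run --always-make -C "$repo_root" dump \
    DUMP_SERVICES="postgres,ory-postgres" \
    DUMP_DATASET="personnel" \
    DUMP_MODE="maintenance" 2>&1
)"
assert_contains "$dump_dry_run" 'DUMP_DATASET="personnel"'

restore_dry_run="$(
  make --dry-run --always-make -C "$repo_root" restore \
    BACKUP="backups/example" \
    RESTORE_SERVICES="postgres,ory-postgres" \
    RESTORE_DATASET="personnel" \
    CONFIRM_RESTORE="baron-sso" 2>&1
)"
assert_contains "$restore_dry_run" 'RESTORE_DATASET="personnel"'

printf '%s\n' "OK: personnel dataset backup policy excludes Hydra/RP data and exposes Makefile controls"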