"""Tests for per-tenant control suppression. The service is DB-bound (verified
e2e against the seeded DB); here we pin the request-model validation + import
safety so CI catches breakage in the routes/service modules."""

import pytest

from compliance.api.control_suppression_routes import RevertRequest, SuppressRequest
from compliance.services import control_suppression


def test_suppress_request_requires_control_uuid():
    with pytest.raises(Exception):
        SuppressRequest()  # type: ignore[call-arg]  # control_uuid missing
    req = SuppressRequest(control_uuid="c-1", reason="für uns nicht anwendbar",
                          actor="dsb@kunde.de")
    assert req.control_uuid == "c-1"
    assert req.reason == "für uns nicht anwendbar"
    assert req.actor == "dsb@kunde.de"


def test_revert_request_fields_optional():
    r = RevertRequest()
    assert r.reason is None and r.actor is None


def test_service_exposes_expected_api():
    for fn in ("suppress", "revert", "list_suppressions",
               "suppressed_control_uuids"):
        assert callable(getattr(control_suppression, fn))


def test_suppressed_uuids_empty_without_tenant():
    # no tenant → no filter, no DB access
    assert control_suppression.suppressed_control_uuids(db=None, tenant_id=None) == set()
    assert control_suppression.suppressed_control_uuids(db=None, tenant_id="") == set()