# shellcheck shell=bash
# run-shellcheck
test_audit() {
    describe Running on blank host
    register_test retvalshouldbe 0
    dismiss_count_for_test
    # shellcheck disable=2154
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

    local test_user="testsshduser"
    local test_file="/etc/ssh/ssh_host_test_key.pub"

    touch "$test_file"

    describe Tests purposely failing
    chmod 777 "$test_file"
    register_test retvalshouldbe 1
    register_test contain "permissions were not set to"
    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

    describe correcting situation
    sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
    /opt/debian-cis/bin/hardening/"${script}".sh --apply || true

    describe Tests purposely failing
    useradd "$test_user"
    chown "$test_user":"$test_user" "$test_file"
    register_test retvalshouldbe 1
    register_test contain "ownership was not set to"
    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

    describe correcting situation
    sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
    /opt/debian-cis/bin/hardening/"${script}".sh --apply || true

    describe Checking resolved state
    register_test retvalshouldbe 0
    register_test contain "SSH public keys in /etc/ssh have correct permissions"
    register_test contain "SSH public keys in /etc/ssh have correct ownership"
    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

    # Cleanup
    userdel "$test_user"
}