//! Integration tests for the auto-NAT helper (`aura_cli::nat::NatGuard`).
//!
//! These tests only exercise the dry-run code path. Real NAT mutation needs root and a host with
//! `iptables` (Linux) or `pfctl` (macOS), neither of which is appropriate for the unit test runner.
//! The dry-run path is platform-portable: it logs `would run: ...` for both the Linux and macOS
//! plans and never touches the host. The same code path is what the operator can use to inspect
//! the apply plan with `cargo run -- server --config ...` when `[server.nat] dry_run = true`.

use aura_cli::nat::NatGuard;

/// Dry-run is supported on every host (Linux, macOS, Windows) and returns a guard with no
/// recorded rollback commands. Dropping it logs the "would undo" lines without panicking.
#[test]
fn dry_run_enable_succeeds() {
    let guard = NatGuard::enable("10.7.0.0/24", "eth0", true)
        .expect("dry_run NatGuard::enable must succeed");
    drop(guard);
}

/// The dry-run path tolerates arbitrary interface names — it never tries to look them up, just
/// logs what it would do. Also exercises a different pool CIDR.
#[test]
fn dry_run_enable_accepts_any_iface_name() {
    let guard = NatGuard::enable("192.168.99.0/24", "en0", true)
        .expect("dry_run must succeed with any iface name");
    drop(guard);
}