varnishtest "haproxy ACL, CLI and mCLI spaces"
feature ignore_unknown_macro

server s1 {
   rxreq
   expect req.method == "GET"
   txresp
} -repeat 2 -start

haproxy h1 -W -S -conf {
  defaults
    mode http
    timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
    timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
    timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"

  frontend fe1
    bind "fd@${fe1}"

    http-request deny if { req.hdr(user-agent) -i -m str -f ${testdir}/agents.acl }

    default_backend be1

  backend be1
    server s1 ${s1_addr}:${s1_port}

} -start

client c1 -connect ${h1_fe1_sock} {
    txreq -hdr "User-Agent: Mon User Agent"
    rxresp
    expect resp.status == 200
} -run

haproxy h1 -cli {
  send "add acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;"
  expect ~ .*

  send "show acl ${testdir}/agents.acl"
  expect ~ ".*Mon User Agent.*"
}

client c1 -connect ${h1_fe1_sock} {
    txreq -hdr "User-Agent: Mon User Agent;"
    rxresp
    expect resp.status == 403
} -run


haproxy h1 -cli {
  send "del acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;"
  expect ~ .*

  send "show acl ${testdir}/agents.acl"
  expect ~ .*
}

client c1 -connect ${h1_fe1_sock} {
    txreq -hdr "User-Agent: Mon User Agent;"
    rxresp
    expect resp.status == 200
} -run


# Try it with the master CLI
haproxy h1 -mcli {
  send "@1 add acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;;@1 show acl ${testdir}/agents.acl"
  expect ~ ".*Mon User Agent;.*"
}

client c1 -connect ${h1_fe1_sock} {
    txreq -hdr "User-Agent: Mon User Agent;"
    rxresp
    expect resp.status == 403
} -run