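/*
 * Copyright 2018-2021 The NATS Authors
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package cmd

import (
	"io/ioutil"
	"os"
	"testing"

	"github.com/nats-io/jwt/v2"
	"github.com/stretchr/testify/require"
)

// Test_EditScopedSk_NotFound checks that editing a scoped signing key is
// rejected when either the account or the signing key does not exist.
func Test_EditScopedSk_NotFound(t *testing.T) {
	ts := NewTestStore(t, "edit scope")
	defer ts.Done(t)

	ts.AddAccount(t, "A")

	// Unknown account.
	_, _, err := ExecuteCmd(createEditSkopedSkCmd(), "--account", "not there")
	require.Error(t, err)

	// Known account, unknown signing key.
	_, _, err = ExecuteCmd(createEditSkopedSkCmd(), "--account", "A", "--sk", "not there")
	require.Error(t, err)
}

// Test_EditScopedSk_Subs attaches a user scope to one of two signing keys on
// account "A" and verifies that the stored scope carries the requested role
// and permission template, while the other signing key stays unscoped. It then
// checks that the scoped key can be addressed by its role name only once its
// key pair has been stored in the keystore.
func Test_EditScopedSk_Subs(t *testing.T) {
	ts := NewTestStore(t, "edit scope")
	defer ts.Done(t)

	ts.AddAccount(t, "A")
	_, pk, _ := CreateAccountKey(t)
	seed, pk2, kp := CreateAccountKey(t)

	_, _, err := ExecuteCmd(createEditAccount(), "--sk", pk, "--sk", pk2)
	require.NoError(t, err)

	ac, err := ts.Store.ReadAccountClaim("A")
	require.NoError(t, err)
	require.Contains(t, ac.SigningKeys, pk)
	require.Contains(t, ac.SigningKeys, pk2)

	// checkAcc re-reads the account claim and asserts that pk is registered
	// without a scope and that pk2 carries a user scope whose template matches
	// the flags passed to the edit command, with subs as the expected
	// subscription limit.
	checkAcc := func(subs int64) {
		claim, err := ts.Store.ReadAccountClaim("A")
		require.NoError(t, err)

		// pk was never edited, so it must still have a nil (absent) scope.
		require.Contains(t, claim.SigningKeys, pk)
		scope, ok := claim.SigningKeys.GetScope(pk)
		require.True(t, ok)
		require.Nil(t, scope)

		require.Contains(t, claim.SigningKeys, pk2)
		scope, ok = claim.SigningKeys.GetScope(pk2)
		require.True(t, ok)
		require.NotNil(t, scope)

		// Checked assertion: a scope of an unexpected type fails the test
		// instead of panicking.
		us, ok := scope.(*jwt.UserScope)
		require.True(t, ok)

		// require.Equal takes (expected, actual); this order keeps failure
		// messages labelled correctly.
		require.Equal(t, subs, us.Template.Subs)
		require.Equal(t, int64(5*1024), us.Template.Data)
		require.True(t, us.Template.AllowedConnectionTypes.Contains("LEAFNODE"))
		require.True(t, us.Template.Sub.Allow.Contains("foo"))
		require.True(t, us.Template.Sub.Deny.Contains("bar"))
		require.True(t, us.Template.Pub.Allow.Contains("foo"))
		require.True(t, us.Template.BearerToken)
		require.Equal(t, "foo", us.Role)
	}

	_, _, err = ExecuteCmd(createEditSkopedSkCmd(), "--account", "A", "--sk", pk2, "--subs", "5", "--role", "foo",
		"--allow-pub", "foo", "--allow-sub", "foo", "--deny-sub", "bar", "--conn-type", "LEAFNODE", "--data", "5kib", "--bearer")
	require.NoError(t, err)
	checkAcc(5)

	// Update using the role name while the key cannot be found: must fail.
	_, _, err = ExecuteCmd(createEditSkopedSkCmd(), "--account", "A", "--sk", "foo", "--subs", "10")
	require.Error(t, err)

	// Store the seed in a temporary file and the key pair in the keystore so
	// the key can be found. The error is checked before f is used: a failed
	// TempFile returns a nil file and f.Name() would panic.
	// NOTE(review): the seed is private key material. ioutil.TempFile creates
	// the file with mode 0600, and it is removed when the test returns. The
	// file's path is not passed to any command in this test, so the write may
	// be unnecessary; confirm before keeping a seed on disk at all.
	f, err := ioutil.TempFile("", "")
	require.NoError(t, err)
	// Deferred calls run last-in first-out: the file is closed, then removed.
	defer os.Remove(f.Name())
	defer f.Close()
	_, err = f.Write(seed)
	require.NoError(t, err)
	require.NoError(t, f.Sync())

	_, err = ts.KeyStore.Store(kp)
	require.NoError(t, err)

	// Update using the role name now that the key is in the keystore.
	// NOTE(review): the resulting scope is not re-checked here (there is no
	// checkAcc(10)); confirm whether the edit is expected to preserve the
	// other template fields before adding that assertion.
	_, _, err = ExecuteCmd(createEditSkopedSkCmd(), "--account", "A", "--sk", "foo", "--subs", "10")
	require.NoError(t, err)
}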