github.com/kbehouse/nsc@v0.0.6/cmd/nkeyconfigbuilder_test.go (about) 1 /* 2 * Copyright 2018-2019 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "fmt" 20 "strings" 21 "testing" 22 23 "github.com/nats-io/jwt/v2" 24 25 "github.com/kbehouse/nsc/cmd/store" 26 "github.com/stretchr/testify/require" 27 ) 28 29 func Test_NkeyResolverBasicProperties(t *testing.T) { 30 ts := NewTestStore(t, "O") 31 defer ts.Done(t) 32 ts.AddAccount(t, "A") 33 ts.AddUser(t, "A", "ua") 34 ts.AddAccount(t, "B") 35 ts.AddUser(t, "B", "ub") 36 37 builder := NewNKeyConfigBuilder() 38 39 a, err := ts.Store.Read(store.Accounts, "A", store.JwtName("A")) 40 require.NoError(t, err) 41 err = builder.Add(a) 42 require.NoError(t, err) 43 44 uac, err := ts.Store.ReadUserClaim("A", "ua") 45 require.NoError(t, err) 46 ua, err := ts.Store.Read(store.Accounts, "A", store.Users, store.JwtName("ua")) 47 require.NoError(t, err) 48 err = builder.Add(ua) 49 require.NoError(t, err) 50 51 b, err := ts.Store.Read(store.Accounts, "B", store.JwtName("B")) 52 require.NoError(t, err) 53 err = builder.Add(b) 54 require.NoError(t, err) 55 56 ubc, err := ts.Store.ReadUserClaim("B", "ub") 57 require.NoError(t, err) 58 ub, err := ts.Store.Read(store.Accounts, "B", store.Users, store.JwtName("ub")) 59 require.NoError(t, err) 60 err = builder.Add(ub) 61 require.NoError(t, err) 62 63 d, err := builder.Generate() 64 require.NoError(t, err) 65 66 conf := string(d) 67 conf = strings.ReplaceAll(conf, " ", "") 68 conf = strings.ReplaceAll(conf, "\n", "") 69 70 require.Contains(t, conf, "accounts:{") 71 require.Contains(t, conf, fmt.Sprintf("A:{users:[{nkey:%s}]}", uac.Subject)) 72 require.Contains(t, conf, fmt.Sprintf("B:{users:[{nkey:%s}]}", ubc.Subject)) 73 } 74 75 func Test_NkeyResolverExportsStreamsServices(t *testing.T) { 76 ts := NewTestStore(t, "O") 77 defer ts.Done(t) 78 ts.AddAccount(t, "A") 79 ts.AddExport(t, "A", jwt.Service, "service.>", true) 80 ts.AddExport(t, "A", jwt.Stream, "stream.>", true) 81 82 builder := NewNKeyConfigBuilder() 83 84 a, err := ts.Store.Read(store.Accounts, "A", store.JwtName("A")) 85 require.NoError(t, err) 86 err = builder.Add(a) 87 require.NoError(t, err) 88 89 d, err := builder.Generate() 90 require.NoError(t, err) 91 92 conf := string(d) 93 conf = strings.ReplaceAll(conf, " ", "") 94 conf = strings.ReplaceAll(conf, "\n", "") 95 96 require.Contains(t, conf, "accounts:{A:{exports:[") 97 require.Contains(t, conf, "{service:service.>}") 98 require.Contains(t, conf, "{stream:stream.>}") 99 } 100 101 func Test_NkeyResolverExportsPrivateStreamsServices(t *testing.T) { 102 ts := NewTestStore(t, "O") 103 defer ts.Done(t) 104 ts.AddAccount(t, "A") 105 ts.AddExport(t, "A", jwt.Service, "service.>", false) 106 ts.AddExport(t, "A", jwt.Stream, "stream.>", false) 107 108 builder := NewNKeyConfigBuilder() 109 110 a, err := ts.Store.Read(store.Accounts, "A", store.JwtName("A")) 111 require.NoError(t, err) 112 err = builder.Add(a) 113 require.NoError(t, err) 114 115 d, err := builder.Generate() 116 require.NoError(t, err) 117 118 conf := string(d) 119 conf = strings.ReplaceAll(conf, " ", "") 120 conf = strings.ReplaceAll(conf, "\n", "") 121 122 require.Contains(t, conf, "accounts:{A:{exports:[") 123 require.Contains(t, conf, "{service:service.>,accounts:[]}") 124 require.Contains(t, conf, "{stream:stream.>,accounts:[]}") 125 } 126 127 func Test_NkeyResolverMapsImporter(t *testing.T) { 128 ts := NewTestStore(t, "O") 129 defer ts.Done(t) 130 ts.AddAccount(t, "A") 131 ts.AddExport(t, "A", jwt.Service, "service.b", false) 132 ts.AddExport(t, "A", jwt.Stream, "stream.a", false) 133 134 ts.AddAccount(t, "B") 135 136 ts.AddImport(t, "A", "service.b", "B") 137 ts.AddImport(t, "A", "stream.a", "B") 138 139 builder := NewNKeyConfigBuilder() 140 141 a, err := ts.Store.Read(store.Accounts, "A", store.JwtName("A")) 142 require.NoError(t, err) 143 err = builder.Add(a) 144 require.NoError(t, err) 145 146 b, err := ts.Store.Read(store.Accounts, "B", store.JwtName("B")) 147 require.NoError(t, err) 148 err = builder.Add(b) 149 require.NoError(t, err) 150 151 d, err := builder.Generate() 152 require.NoError(t, err) 153 154 conf := string(d) 155 156 conf = strings.ReplaceAll(conf, " ", "") 157 conf = strings.ReplaceAll(conf, "\n", "") 158 159 require.Contains(t, conf, "{service:service.b,accounts:[B]}") 160 require.Contains(t, conf, "{stream:stream.a,accounts:[B]}") 161 162 require.Contains(t, conf, "{service:{account:A,subject:service.b},to:service.b}") 163 require.Contains(t, conf, "{stream:{account:A,subject:stream.a}}") 164 } 165 166 func Test_NkeyResolverAddsSigningKeyUser(t *testing.T) { 167 ts := NewTestStore(t, "O") 168 defer ts.Done(t) 169 170 _, pk, sk := CreateAccountKey(t) 171 ts.AddAccount(t, "A") 172 ac, err := ts.Store.ReadAccountClaim("A") 173 require.NoError(t, err) 174 ac.SigningKeys.Add(pk) 175 token, err := ac.Encode(sk) 176 require.NoError(t, err) 177 rs, err := ts.Store.StoreClaim([]byte(token)) 178 require.NoError(t, err) 179 require.Nil(t, rs) 180 181 ts.AddUserWithSigner(t, "A", "ua", sk) 182 183 builder := NewNKeyConfigBuilder() 184 185 a, err := ts.Store.Read(store.Accounts, "A", store.JwtName("A")) 186 require.NoError(t, err) 187 err = builder.Add(a) 188 require.NoError(t, err) 189 190 ua, err := ts.Store.Read(store.Accounts, "A", store.Users, store.JwtName("ua")) 191 require.NoError(t, err) 192 require.NoError(t, builder.Add(ua)) 193 uc, err := ts.Store.ReadUserClaim("A", "ua") 194 require.NoError(t, err) 195 196 d, err := builder.Generate() 197 require.NoError(t, err) 198 199 conf := string(d) 200 conf = strings.ReplaceAll(conf, " ", "") 201 conf = strings.ReplaceAll(conf, "\n", "") 202 203 require.Contains(t, conf, "accounts:{") 204 require.Contains(t, conf, fmt.Sprintf("accounts:{A:{users:[{nkey:%s}]}", uc.Subject)) 205 }