github.com/kbehouse/nsc@v0.0.6/cmd/reissueoperator_test.go (about) 1 /* 2 * Copyright 2020 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "testing" 20 21 "github.com/stretchr/testify/require" 22 ) 23 24 func Test_ReIssue(t *testing.T) { 25 ts := NewTestStore(t, "O") 26 defer ts.Done(t) 27 op1, err := ts.Store.ReadOperatorClaim() 28 require.NoError(t, err) 29 _, _, err = ExecuteCmd(createReIssueOperatorCmd()) 30 require.NoError(t, err) 31 op2, err := ts.Store.ReadOperatorClaim() 32 require.NoError(t, err) 33 require.NotEqual(t, op1.Subject, op2.Subject) 34 require.Len(t, op1.SigningKeys, 0) 35 // add testing account 36 ts.AddAccount(t, "A") 37 38 _, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key") 39 require.NoError(t, err) 40 op3, err := ts.Store.ReadOperatorClaim() 41 require.NoError(t, err) 42 require.NotEqual(t, op2.Subject, op3.Subject) 43 require.Len(t, op3.SigningKeys, 1) 44 require.True(t, op3.SigningKeys.Contains(op2.Subject)) 45 46 ac, err := ts.Store.ReadAccountClaim("A") 47 require.NoError(t, err) 48 require.True(t, op3.DidSign(ac)) 49 50 _, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--name", "O") 51 require.NoError(t, err) 52 op4, err := ts.Store.ReadOperatorClaim() 53 require.NoError(t, err) 54 require.NotEqual(t, op3.Subject, op4.Subject) 55 require.Len(t, op4.SigningKeys, 1) 56 require.True(t, op4.SigningKeys.Contains(op2.Subject)) 57 58 ac, err = ts.Store.ReadAccountClaim("A") 59 require.NoError(t, err) 60 require.True(t, op4.DidSign(ac)) 61 } 62 63 func Test_ReIssueStrict(t *testing.T) { 64 ts := NewTestStore(t, "O") 65 defer ts.Done(t) 66 op1, err := ts.Store.ReadOperatorClaim() 67 require.NoError(t, err) 68 69 // add testing account 70 ts.AddAccount(t, "A") 71 72 _, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key") 73 require.NoError(t, err) 74 op3, err := ts.Store.ReadOperatorClaim() 75 require.NoError(t, err) 76 require.NotEqual(t, op1.Subject, op3.Subject) 77 require.Len(t, op3.SigningKeys, 1) 78 require.True(t, op3.SigningKeys.Contains(op1.Subject)) 79 ac, err := ts.Store.ReadAccountClaim("A") 80 require.NoError(t, err) 81 require.True(t, op3.DidSign(ac)) 82 83 _, _, err = ExecuteCmd(CreateEditOperatorCmd(), "--require-signing-keys") 84 require.NoError(t, err) 85 _, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key") 86 require.NoError(t, err) 87 }