github.com/kbehouse/nsc@v0.0.6/cmd/revoke_listactivation_test.go (about) 1 /* 2 * Copyright 2018-2020 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "strings" 20 "testing" 21 "time" 22 23 "github.com/nats-io/jwt/v2" 24 "github.com/stretchr/testify/require" 25 ) 26 27 func TestRevokeListActivation(t *testing.T) { 28 ts := NewTestStore(t, "revoke_clear_user") 29 defer ts.Done(t) 30 31 ts.AddAccount(t, "A") 32 ts.AddExport(t, "A", jwt.Stream, "foo.>", false) 33 ts.AddExport(t, "A", jwt.Service, "bar", false) 34 ts.AddExport(t, "A", jwt.Service, "public", true) // we support revoking public exports 35 36 _, pub, _ := CreateAccountKey(t) 37 38 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--subject", "foo.bar", "--target-account", pub) 39 require.NoError(t, err) 40 41 _, _, err = ExecuteCmd(createRevokeActivationCmd(), "--subject", "bar", "--target-account", pub, "--service", "--at", "1001") 42 require.NoError(t, err) 43 44 _, _, err = ExecuteCmd(createRevokeActivationCmd(), "--subject", "public", "--target-account", pub, "--service", "--at", "2001") 45 require.NoError(t, err) 46 47 stdout, _, err := ExecuteCmd(createRevokeListActivationCmd(), "--subject", "foo.bar") 48 require.NoError(t, err) 49 50 require.True(t, strings.Contains(stdout, pub)) 51 require.False(t, strings.Contains(stdout, time.Unix(1001, 0).Format(time.RFC1123))) 52 require.False(t, strings.Contains(stdout, time.Unix(2001, 0).Format(time.RFC1123))) 53 54 stdout, _, err = ExecuteCmd(createRevokeListActivationCmd(), "--subject", "bar", "--service") 55 require.NoError(t, err) 56 57 require.True(t, strings.Contains(stdout, pub)) 58 require.True(t, strings.Contains(stdout, time.Unix(1001, 0).Format(time.RFC1123))) 59 require.False(t, strings.Contains(stdout, time.Unix(2001, 0).Format(time.RFC1123))) 60 61 stdout, _, err = ExecuteCmd(createRevokeListActivationCmd(), "--subject", "public", "--service") 62 require.NoError(t, err) 63 64 require.True(t, strings.Contains(stdout, pub)) 65 require.False(t, strings.Contains(stdout, time.Unix(1001, 0).Format(time.RFC1123))) 66 require.True(t, strings.Contains(stdout, time.Unix(2001, 0).Format(time.RFC1123))) 67 } 68 69 func TestRevokeListActivationNoAccount(t *testing.T) { 70 ts := NewTestStore(t, "O") 71 defer ts.Done(t) 72 _, _, err := ExecuteInteractiveCmd(createRevokeListActivationCmd(), []interface{}{}) 73 require.Error(t, err) 74 require.Contains(t, err.Error(), "no accounts defined") 75 } 76 77 func TestRevokeListActivationNoAccountInteractive(t *testing.T) { 78 ts := NewTestStore(t, "O") 79 defer ts.Done(t) 80 _, _, err := ExecuteCmd(createRevokeListActivationCmd()) 81 require.Error(t, err) 82 require.Contains(t, err.Error(), "an account is required") 83 } 84 85 func TestRevokeListActivationNoExport(t *testing.T) { 86 ts := NewTestStore(t, "O") 87 defer ts.Done(t) 88 ts.AddAccount(t, "A") 89 _, _, err := ExecuteCmd(createRevokeListActivationCmd(), "--service") 90 require.Error(t, err) 91 require.Contains(t, err.Error(), "doesn't have exports") 92 } 93 94 func TestRevokeListActivationNoServiceExport(t *testing.T) { 95 ts := NewTestStore(t, "O") 96 defer ts.Done(t) 97 ts.AddAccount(t, "A") 98 ts.AddExport(t, "A", jwt.Stream, "s", false) 99 _, _, err := ExecuteCmd(createRevokeListActivationCmd(), "--service") 100 require.Error(t, err) 101 require.Contains(t, err.Error(), "doesn't have service exports") 102 } 103 104 func TestRevokeListActivationNoStreamExport(t *testing.T) { 105 ts := NewTestStore(t, "O") 106 defer ts.Done(t) 107 ts.AddAccount(t, "A") 108 ts.AddExport(t, "A", jwt.Service, "s", false) 109 _, _, err := ExecuteCmd(createRevokeListActivationCmd()) 110 require.Error(t, err) 111 require.Contains(t, err.Error(), "doesn't have stream exports") 112 } 113 114 func TestRevokeListActivationDefaultExport(t *testing.T) { 115 ts := NewTestStore(t, "O") 116 defer ts.Done(t) 117 ts.AddAccount(t, "A") 118 ts.AddExport(t, "A", jwt.Service, "s", false) 119 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--service", "--target-account", "*") 120 require.NoError(t, err) 121 _, _, err = ExecuteCmd(createRevokeListActivationCmd(), "--service") 122 require.NoError(t, err) 123 } 124 125 func TestRevokeListActivationNoDefaultExport(t *testing.T) { 126 ts := NewTestStore(t, "O") 127 defer ts.Done(t) 128 ts.AddAccount(t, "A") 129 ts.AddExport(t, "A", jwt.Service, "s", false) 130 ts.AddExport(t, "A", jwt.Service, "r", false) 131 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--service", "--target-account", "*", "--subject", "s") 132 require.NoError(t, err) 133 _, _, err = ExecuteCmd(createRevokeActivationCmd(), "--service", "--target-account", "*", "--subject", "r") 134 require.NoError(t, err) 135 _, _, err = ExecuteCmd(createRevokeListActivationCmd(), "--service") 136 require.Error(t, err) 137 require.Contains(t, err.Error(), "a subject is required") 138 } 139 140 func TestRevokeListActivationExportNotFound(t *testing.T) { 141 ts := NewTestStore(t, "O") 142 defer ts.Done(t) 143 ts.AddAccount(t, "A") 144 ts.AddExport(t, "A", jwt.Service, "s", false) 145 ts.AddExport(t, "A", jwt.Service, "r", false) 146 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--service", "--target-account", "*", "--subject", "s") 147 require.NoError(t, err) 148 _, _, err = ExecuteCmd(createRevokeActivationCmd(), "--service", "--target-account", "*", "--subject", "r") 149 require.NoError(t, err) 150 _, _, err = ExecuteCmd(createRevokeListActivationCmd(), "--service", "--subject", "x") 151 require.Error(t, err) 152 require.Contains(t, err.Error(), "unable to locate export") 153 } 154 155 func TestRevokeListActivationHasNoRevocations(t *testing.T) { 156 ts := NewTestStore(t, "O") 157 defer ts.Done(t) 158 ts.AddAccount(t, "A") 159 ts.AddExport(t, "A", jwt.Service, "s", false) 160 _, _, err := ExecuteCmd(createRevokeListActivationCmd(), "--service", "--subject", "s") 161 require.Error(t, err) 162 require.Contains(t, err.Error(), "service s has no revocations") 163 } 164 165 func TestRevokeListActivationInteractive(t *testing.T) { 166 ts := NewTestStore(t, "O") 167 defer ts.Done(t) 168 ts.AddAccount(t, "A") 169 ts.AddExport(t, "A", jwt.Service, "s", false) 170 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--service", "--subject", "s", "--target-account", "*") 171 require.NoError(t, err) 172 args := []interface{}{true, 0} 173 _, _, err = ExecuteInteractiveCmd(createRevokeListActivationCmd(), args) 174 require.NoError(t, err) 175 }