github.com/nats-io/nsc/v2@v2.8.7-0.20240307184528-efd7023c6896/cmd/deleteaccount_test.go (about) 1 /* 2 * Copyright 2019 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "os" 20 "testing" 21 22 "github.com/nats-io/jwt/v2" 23 "github.com/stretchr/testify/require" 24 ) 25 26 func Test_DeleteAccountNotFound(t *testing.T) { 27 ts := NewTestStore(t, "O") 28 defer ts.Done(t) 29 30 ts.AddAccount(t, "A") 31 _, _, err := ExecuteCmd(createDeleteAccountCmd(), "--name", "B") 32 require.Error(t, err) 33 require.Contains(t, err.Error(), "\"B\" not in accounts for operator \"O\"") 34 } 35 36 func Test_DeleteAccountOnly(t *testing.T) { 37 ts := NewTestStore(t, "O") 38 defer ts.Done(t) 39 40 ts.AddAccount(t, "A") 41 ts.AddUser(t, "A", "U") 42 43 ac, err := ts.Store.ReadAccountClaim("A") 44 require.NoError(t, err) 45 apk := ac.Subject 46 47 uc, err := ts.Store.ReadUserClaim("A", "U") 48 require.NoError(t, err) 49 upk := uc.Subject 50 51 _, _, err = ExecuteCmd(createDeleteAccountCmd(), "A") 52 require.NoError(t, err) 53 require.True(t, ts.KeyStore.HasPrivateKey(apk)) 54 require.True(t, ts.KeyStore.HasPrivateKey(upk)) 55 require.FileExists(t, ts.KeyStore.GetUserCredsPath("A", "U")) 56 } 57 58 func Test_DeleteAll(t *testing.T) { 59 ts := NewTestStore(t, "O") 60 defer ts.Done(t) 61 62 _, pk, kp := CreateAccountKey(t) 63 ts.KeyStore.Store(kp) 64 ts.AddAccount(t, "A") 65 66 _, _, err := ExecuteCmd(createEditAccount(), "--sk", pk) 67 require.NoError(t, err) 68 69 ts.AddUser(t, "A", "U") 70 71 ac, err := ts.Store.ReadAccountClaim("A") 72 require.NoError(t, err) 73 apk := ac.Subject 74 75 uc, err := ts.Store.ReadUserClaim("A", "U") 76 require.NoError(t, err) 77 upk := uc.Subject 78 79 _, _, err = ExecuteCmd(createDeleteAccountCmd(), "A", "--rm-nkey", "--rm-creds") 80 require.NoError(t, err) 81 require.False(t, ts.KeyStore.HasPrivateKey(apk)) 82 require.False(t, ts.KeyStore.HasPrivateKey(pk)) 83 require.False(t, ts.KeyStore.HasPrivateKey(upk)) 84 _, err = os.Stat(ts.KeyStore.GetUserCredsPath("A", "U")) 85 require.True(t, os.IsNotExist(err)) 86 } 87 88 func Test_DeleteAccountInteractive(t *testing.T) { 89 ts := NewTestStore(t, "O") 90 defer ts.Done(t) 91 92 ts.AddAccount(t, "A") 93 ts.AddUser(t, "A", "U") 94 95 ac, err := ts.Store.ReadAccountClaim("A") 96 require.NoError(t, err) 97 apk := ac.Subject 98 99 uc, err := ts.Store.ReadUserClaim("A", "U") 100 require.NoError(t, err) 101 upk := uc.Subject 102 103 _, _, err = ExecuteInteractiveCmd(createDeleteAccountCmd(), []interface{}{false, true, true, true}, "--name", "A") 104 require.NoError(t, err) 105 106 uc, err = ts.Store.ReadUserClaim("A", "U") 107 require.Error(t, err) 108 require.Nil(t, uc) 109 110 require.False(t, ts.KeyStore.HasPrivateKey(apk)) 111 require.False(t, ts.KeyStore.HasPrivateKey(upk)) 112 _, err = os.Stat(ts.KeyStore.GetUserCredsPath("A", "U")) 113 require.True(t, os.IsNotExist(err)) 114 } 115 116 func Test_DeleteManagedAccountRequiresForceAndExpires(t *testing.T) { 117 as, m := RunTestAccountServer(t) 118 defer as.Close() 119 120 ts := NewTestStoreWithOperatorJWT(t, string(m["operator"])) 121 defer ts.Done(t) 122 123 ts.AddAccount(t, "A") 124 ts.AddUser(t, "A", "U") 125 126 _, _, err := ExecuteCmd(createDeleteAccountCmd(), "A") 127 require.Error(t, err) 128 require.Contains(t, err.Error(), "--force to override") 129 130 ts.AddAccount(t, "A") 131 ac, err := ts.Store.ReadAccountClaim("A") 132 require.NoError(t, err) 133 require.Zero(t, ac.Expires) 134 _, _, err = ExecuteCmd(createDeleteAccountCmd(), "A", "--force") 135 require.NoError(t, err) 136 137 token := m[ac.Subject] 138 require.NotNil(t, token) 139 140 eac, err := jwt.DecodeAccountClaims(string(token)) 141 require.NoError(t, err) 142 require.NotZero(t, eac.Expires) 143 require.Len(t, eac.Revocations, 1) 144 }