github.com/nats-io/nsc/v2@v2.8.7-0.20240307184528-efd7023c6896/cmd/reissueoperator_test.go (about) 1 /* 2 * Copyright 2020 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "testing" 20 21 "github.com/stretchr/testify/require" 22 ) 23 24 func Test_ReIssue(t *testing.T) { 25 ts := NewTestStore(t, "O") 26 defer ts.Done(t) 27 op1, err := ts.Store.ReadOperatorClaim() 28 require.NoError(t, err) 29 _, _, err = ExecuteCmd(createReIssueOperatorCmd()) 30 require.NoError(t, err) 31 op2, err := ts.Store.ReadOperatorClaim() 32 require.NoError(t, err) 33 require.NotEqual(t, op1.Subject, op2.Subject) 34 require.Len(t, op1.SigningKeys, 0) 35 // add testing account 36 ts.AddAccount(t, "A") 37 38 _, stderr, err := ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key") 39 require.NoError(t, err) 40 op3, err := ts.Store.ReadOperatorClaim() 41 require.NoError(t, err) 42 require.NotEqual(t, op2.Subject, op3.Subject) 43 require.Equal( 44 t, 45 stderr, 46 "[ OK ] operator \"O\" successfully changed identity to: "+op3.Subject+"\n"+ 47 "[ OK ] old operator key \""+op2.Subject+"\" turned into signing key\n"+ 48 "all jobs succeeded\n", 49 ) 50 require.Len(t, op3.SigningKeys, 1) 51 require.True(t, op3.SigningKeys.Contains(op2.Subject)) 52 53 ac, err := ts.Store.ReadAccountClaim("A") 54 require.NoError(t, err) 55 require.True(t, op3.DidSign(ac)) 56 57 _, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--name", "O") 58 require.NoError(t, err) 59 op4, err := ts.Store.ReadOperatorClaim() 60 require.NoError(t, err) 61 require.NotEqual(t, op3.Subject, op4.Subject) 62 require.Len(t, op4.SigningKeys, 1) 63 require.True(t, op4.SigningKeys.Contains(op2.Subject)) 64 65 ac, err = ts.Store.ReadAccountClaim("A") 66 require.NoError(t, err) 67 require.True(t, op4.DidSign(ac)) 68 } 69 70 func Test_ReIssueStrict(t *testing.T) { 71 ts := NewTestStore(t, "O") 72 defer ts.Done(t) 73 op1, err := ts.Store.ReadOperatorClaim() 74 require.NoError(t, err) 75 76 // add testing account 77 ts.AddAccount(t, "A") 78 79 _, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key") 80 require.NoError(t, err) 81 op3, err := ts.Store.ReadOperatorClaim() 82 require.NoError(t, err) 83 require.NotEqual(t, op1.Subject, op3.Subject) 84 require.Len(t, op3.SigningKeys, 1) 85 require.True(t, op3.SigningKeys.Contains(op1.Subject)) 86 ac, err := ts.Store.ReadAccountClaim("A") 87 require.NoError(t, err) 88 require.True(t, op3.DidSign(ac)) 89 90 _, _, err = ExecuteCmd(createEditOperatorCmd(), "--require-signing-keys") 91 require.NoError(t, err) 92 _, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key") 93 require.NoError(t, err) 94 }