github.com/nats-io/nsc/v2@v2.8.7-0.20240307184528-efd7023c6896/cmd/reissueoperator_test.go (about)

     1  /*
     2   * Copyright 2020 The NATS Authors
     3   * Licensed under the Apache License, Version 2.0 (the "License");
     4   * you may not use this file except in compliance with the License.
     5   * You may obtain a copy of the License at
     6   *
     7   * http://www.apache.org/licenses/LICENSE-2.0
     8   *
     9   * Unless required by applicable law or agreed to in writing, software
    10   * distributed under the License is distributed on an "AS IS" BASIS,
    11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12   * See the License for the specific language governing permissions and
    13   * limitations under the License.
    14   */
    15  
    16  package cmd
    17  
    18  import (
    19  	"testing"
    20  
    21  	"github.com/stretchr/testify/require"
    22  )
    23  
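// Test_ReIssue re-issues the operator identity three times and checks, after
// each step, which keys the stored operator claim still lists as trusted.
//
// Steps exercised:
//  1. plain re-issue: the identity changes and no signing key is retained;
//  2. re-issue with --convert-to-signing-key: the identity changes and the
//     replaced identity key is kept as the only signing key;
//  3. re-issue selected with --name: the identity changes and the signing key
//     set is carried over unchanged.
//
// Account "A" is added after step 1 and must still satisfy DidSign against the
// operator claim read back after steps 2 and 3.
func Test_ReIssue(t *testing.T) {
	ts := NewTestStore(t, "O")
	defer ts.Done(t)

	op1, err := ts.Store.ReadOperatorClaim()
	require.NoError(t, err)
	// Precondition: the fresh operator starts without signing keys, so every
	// signing key seen later was put there by a re-issue.
	require.Len(t, op1.SigningKeys, 0)

	// Step 1: plain re-issue.
	_, _, err = ExecuteCmd(createReIssueOperatorCmd())
	require.NoError(t, err)
	op2, err := ts.Store.ReadOperatorClaim()
	require.NoError(t, err)
	require.NotEqual(t, op1.Subject, op2.Subject)
	// Without --convert-to-signing-key the replaced identity key must not be
	// kept as a signing key. The original test only checked op1 here, which
	// says nothing about the claim produced by the re-issue.
	require.Len(t, op2.SigningKeys, 0)

	// add testing account
	ts.AddAccount(t, "A")

	// Step 2: re-issue and keep the replaced identity key as a signing key.
	_, stderr, err := ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key")
	require.NoError(t, err)
	op3, err := ts.Store.ReadOperatorClaim()
	require.NoError(t, err)
	require.NotEqual(t, op2.Subject, op3.Subject)

	// testify takes (expected, actual); keeping that order makes the failure
	// diff label the two sides correctly.
	wantReport := "[ OK ] operator \"O\" successfully changed identity to: " + op3.Subject + "\n" +
		"[ OK ] old operator key \"" + op2.Subject + "\" turned into signing key\n" +
		"all jobs succeeded\n"
	require.Equal(t, wantReport, stderr)

	// Exactly one signing key, and it is the identity key that was replaced.
	require.Len(t, op3.SigningKeys, 1)
	require.True(t, op3.SigningKeys.Contains(op2.Subject))

	ac, err := ts.Store.ReadAccountClaim("A")
	require.NoError(t, err)
	require.True(t, op3.DidSign(ac))

	// Step 3: re-issue again, addressing the operator by name and without
	// converting the replaced key.
	_, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--name", "O")
	require.NoError(t, err)
	op4, err := ts.Store.ReadOperatorClaim()
	require.NoError(t, err)
	require.NotEqual(t, op3.Subject, op4.Subject)
	// Len 1 together with Contains(op2.Subject) also shows that op3's identity
	// key was not added to the signing keys by this re-issue.
	require.Len(t, op4.SigningKeys, 1)
	require.True(t, op4.SigningKeys.Contains(op2.Subject))

	ac, err = ts.Store.ReadAccountClaim("A")
	require.NoError(t, err)
	require.True(t, op4.DidSign(ac))
}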
    69  
// Test_ReIssueStrict checks that an operator can be re-issued with
// --convert-to-signing-key both before and after the operator has been edited
// with --require-signing-keys.
//
// NOTE(review): the final re-issue is only checked for the absence of an
// error; the operator claim and the account signature are not read back
// afterwards, so the trusted-key set after that step is not verified here.
func Test_ReIssueStrict(t *testing.T) {
	fixture := NewTestStore(t, "O")
	defer fixture.Done(t)
	check := require.New(t)

	before, err := fixture.Store.ReadOperatorClaim()
	check.NoError(err)

	// The account exists before any re-issue takes place.
	fixture.AddAccount(t, "A")

	// First re-issue: the replaced identity key is kept as a signing key.
	_, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key")
	check.NoError(err)

	after, err := fixture.Store.ReadOperatorClaim()
	check.NoError(err)
	check.NotEqual(before.Subject, after.Subject)
	check.Len(after.SigningKeys, 1)
	check.True(after.SigningKeys.Contains(before.Subject))

	account, err := fixture.Store.ReadAccountClaim("A")
	check.NoError(err)
	check.True(after.DidSign(account))

	// Edit the operator with --require-signing-keys, then re-issue once more.
	_, _, err = ExecuteCmd(createEditOperatorCmd(), "--require-signing-keys")
	check.NoError(err)
	_, _, err = ExecuteCmd(createReIssueOperatorCmd(), "--convert-to-signing-key")
	check.NoError(err)
}