github.com/nats-io/nsc/v2@v2.8.7-0.20240307184528-efd7023c6896/cmd/revoke_clearactivation_test.go (about) 1 /* 2 * Copyright 2018-2020 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "testing" 20 "time" 21 22 "github.com/nats-io/jwt/v2" 23 "github.com/stretchr/testify/require" 24 ) 25 26 func TestClearRevokeActivation(t *testing.T) { 27 ts := NewTestStore(t, "revoke_clear_user") 28 defer ts.Done(t) 29 30 ts.AddAccount(t, "A") 31 ts.AddExport(t, "A", jwt.Stream, "foo.>", 0, false) 32 33 _, pub, _ := CreateAccountKey(t) 34 35 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--subject", "foo.bar", "--target-account", pub) 36 require.NoError(t, err) 37 38 ac, err := ts.Store.ReadAccountClaim("A") 39 require.NoError(t, err) 40 require.Len(t, ac.Exports, 1) 41 42 for _, exp := range ac.Exports { 43 require.True(t, exp.Revocations.IsRevoked(pub, time.Unix(0, 0))) 44 } 45 46 _, _, err = ExecuteCmd(createClearRevokeActivationCmd(), "--subject", "foo.bar", "--target-account", pub) 47 require.NoError(t, err) 48 49 ac, err = ts.Store.ReadAccountClaim("A") 50 require.NoError(t, err) 51 require.Len(t, ac.Exports, 1) 52 for _, exp := range ac.Exports { 53 require.False(t, exp.Revocations.IsRevoked(pub, time.Unix(0, 0))) 54 } 55 } 56 57 func TestClearRevokeActivationInteractive(t *testing.T) { 58 ts := NewTestStore(t, "test") 59 defer ts.Done(t) 60 61 ts.AddAccount(t, "A") 62 ts.AddExport(t, "A", jwt.Stream, "foo.>", 0, false) 63 ts.AddExport(t, "A", jwt.Service, "bar", 0, false) 64 ts.AddAccount(t, "B") 65 ts.AddExport(t, "B", jwt.Stream, "foo.>", 0, false) 66 ts.AddExport(t, "B", jwt.Service, "bar", 0, false) 67 68 _, pub, _ := CreateAccountKey(t) 69 70 input := []interface{}{1, true, 0, pub, "1000"} // second account "B" 71 cmd := createRevokeActivationCmd() 72 HoistRootFlags(cmd) 73 _, _, err := ExecuteInteractiveCmd(cmd, input, "-i") 74 require.NoError(t, err) 75 76 ac, err := ts.Store.ReadAccountClaim("B") 77 require.NoError(t, err) 78 79 for _, exp := range ac.Exports { 80 if exp.Subject != "bar" { 81 require.Len(t, exp.Revocations, 0) 82 continue 83 } 84 require.Len(t, exp.Revocations, 1) 85 require.True(t, exp.Revocations.IsRevoked(pub, time.Unix(999, 0))) 86 require.False(t, exp.Revocations.IsRevoked(pub, time.Unix(1001, 0))) 87 } 88 89 input = []interface{}{1, true, 0, 0} // second account "B" 90 cmd = createClearRevokeActivationCmd() 91 HoistRootFlags(cmd) 92 _, _, err = ExecuteInteractiveCmd(cmd, input, "-i") 93 require.NoError(t, err) 94 95 ac, err = ts.Store.ReadAccountClaim("B") 96 require.NoError(t, err) 97 98 for _, exp := range ac.Exports { 99 require.Len(t, exp.Revocations, 0) 100 } 101 } 102 103 func TestClearRevokeActivationNoExports(t *testing.T) { 104 ts := NewTestStore(t, "test") 105 defer ts.Done(t) 106 ts.AddAccount(t, "A") 107 _, _, err := ExecuteCmd(createClearRevokeActivationCmd()) 108 require.Error(t, err) 109 require.Contains(t, err.Error(), "account \"A\" doesn't have exports") 110 } 111 112 func TestClearRevokeActivationNoServiceExports(t *testing.T) { 113 ts := NewTestStore(t, "test") 114 defer ts.Done(t) 115 ts.AddAccount(t, "A") 116 ts.AddExport(t, "A", jwt.Stream, "foo.>", 0, false) 117 _, _, err := ExecuteCmd(createClearRevokeActivationCmd(), "--service") 118 require.Error(t, err) 119 require.Contains(t, err.Error(), "account \"A\" doesn't have service exports") 120 } 121 122 func TestClearRevokeActivationNoStreamExports(t *testing.T) { 123 ts := NewTestStore(t, "test") 124 defer ts.Done(t) 125 ts.AddAccount(t, "A") 126 ts.AddExport(t, "A", jwt.Service, "q", 0, false) 127 _, _, err := ExecuteCmd(createClearRevokeActivationCmd()) 128 require.Error(t, err) 129 require.Contains(t, err.Error(), "account \"A\" doesn't have stream exports") 130 } 131 132 func TestClearRevokeActivationServiceNoExports(t *testing.T) { 133 ts := NewTestStore(t, "test") 134 defer ts.Done(t) 135 ts.AddAccount(t, "A") 136 ts.AddExport(t, "A", jwt.Stream, "foo.>", 0, false) 137 _, _, err := ExecuteCmd(createClearRevokeActivationCmd(), "--service") 138 require.Error(t, err) 139 require.Contains(t, err.Error(), "account \"A\" doesn't have service exports") 140 } 141 142 func TestClearRevokeActivationInteractiveServiceNoRevocations(t *testing.T) { 143 ts := NewTestStore(t, "test") 144 defer ts.Done(t) 145 ts.AddAccount(t, "A") 146 ts.AddExport(t, "A", jwt.Service, "q", 0, false) 147 input := []interface{}{true, 0} 148 _, _, err := ExecuteInteractiveCmd(createClearRevokeActivationCmd(), input) 149 require.Error(t, err) 150 require.Contains(t, err.Error(), "service export q doesn't have revocations") 151 } 152 153 func TestClearRevokeActivationInteractiveStreamNoRevocations(t *testing.T) { 154 ts := NewTestStore(t, "test") 155 defer ts.Done(t) 156 ts.AddAccount(t, "A") 157 ts.AddExport(t, "A", jwt.Stream, "q", 0, false) 158 input := []interface{}{false, 0} 159 _, _, err := ExecuteInteractiveCmd(createClearRevokeActivationCmd(), input) 160 require.Error(t, err) 161 require.Contains(t, err.Error(), "stream export q doesn't have revocations") 162 } 163 164 func TestClearRevokeActivationDefault(t *testing.T) { 165 ts := NewTestStore(t, "test") 166 defer ts.Done(t) 167 ts.AddAccount(t, "A") 168 ts.AddExport(t, "A", jwt.Stream, "s", 0, false) 169 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--target-account", "*") 170 require.NoError(t, err) 171 _, _, err = ExecuteCmd(createClearRevokeActivationCmd(), "--target-account", "*") 172 require.NoError(t, err) 173 } 174 175 func TestClearRevokeActivationNotFound(t *testing.T) { 176 ts := NewTestStore(t, "test") 177 defer ts.Done(t) 178 ts.AddAccount(t, "A") 179 ts.AddExport(t, "A", jwt.Stream, "s", 0, false) 180 ts.AddExport(t, "A", jwt.Stream, "r", 0, false) 181 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--target-account", "*", "--subject", "s") 182 require.NoError(t, err) 183 _, _, err = ExecuteCmd(createRevokeActivationCmd(), "--target-account", "*", "--subject", "r") 184 require.NoError(t, err) 185 _, _, err = ExecuteCmd(createClearRevokeActivationCmd(), "--target-account", "*", "--subject", "k") 186 require.Error(t, err) 187 require.Contains(t, err.Error(), "unable to locate export") 188 } 189 190 func TestClearRevokeActivationSubjectRequired(t *testing.T) { 191 ts := NewTestStore(t, "test") 192 defer ts.Done(t) 193 ts.AddAccount(t, "A") 194 ts.AddExport(t, "A", jwt.Stream, "s", 0, false) 195 ts.AddExport(t, "A", jwt.Stream, "r", 0, false) 196 _, _, err := ExecuteCmd(createRevokeActivationCmd(), "--target-account", "*", "--subject", "s") 197 require.NoError(t, err) 198 _, _, err = ExecuteCmd(createClearRevokeActivationCmd(), "--target-account", "*") 199 require.Error(t, err) 200 require.Contains(t, err.Error(), "a subject is required") 201 }