github.com/nats-io/nsc/v2@v2.8.7-0.20240307184528-efd7023c6896/cmd/revokeclearuser_test.go (about) 1 /* 2 * Copyright 2018-2020 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "testing" 20 21 cli "github.com/nats-io/cliprompts/v2" 22 23 "github.com/stretchr/testify/require" 24 ) 25 26 func TestRevokeClearUser(t *testing.T) { 27 ts := NewTestStore(t, "revoke_clear_user") 28 defer ts.Done(t) 29 30 ts.AddAccount(t, "A") 31 ts.AddUser(t, "A", "one") 32 ts.AddUser(t, "A", "two") 33 ts.AddUser(t, "A", "three") 34 35 _, _, err := ExecuteCmd(createRevokeUserCmd(), "--name", "one") 36 require.NoError(t, err) 37 38 ac, err := ts.Store.ReadAccountClaim("A") 39 require.NoError(t, err) 40 require.Len(t, ac.Revocations, 1) 41 42 u, err := ts.Store.ReadUserClaim("A", "one") 43 require.NoError(t, err) 44 require.Contains(t, ac.Revocations, u.Subject) 45 46 _, _, err = ExecuteCmd(createClearRevokeUserCmd(), "--name", "one") 47 require.NoError(t, err) 48 49 ac, err = ts.Store.ReadAccountClaim("A") 50 require.NoError(t, err) 51 require.Len(t, ac.Revocations, 0) 52 53 // error if not revoked 54 _, _, err = ExecuteCmd(createClearRevokeUserCmd(), "--name", "one") 55 require.Error(t, err) 56 } 57 58 func TestRevokeClearUserInteractive(t *testing.T) { 59 ts := NewTestStore(t, "test") 60 defer ts.Done(t) 61 62 ts.AddAccount(t, "A") 63 ts.AddUser(t, "A", "one") 64 ts.AddUser(t, "A", "two") 65 ts.AddAccount(t, "B") 66 ts.AddUser(t, "B", "one") 67 ts.AddUser(t, "B", "two") 68 69 _, _, err := ExecuteCmd(createRevokeUserCmd(), "--name", "one", "--account", "A") 70 require.NoError(t, err) 71 72 ac, err := ts.Store.ReadAccountClaim("A") 73 require.NoError(t, err) 74 require.Len(t, ac.Revocations, 1) 75 76 u, err := ts.Store.ReadUserClaim("A", "one") 77 require.NoError(t, err) 78 require.Contains(t, ac.Revocations, u.Subject) 79 80 // first account and first user 81 input := []interface{}{0, 0} 82 cmd := createClearRevokeUserCmd() 83 HoistRootFlags(cmd) 84 cli.LogFn = t.Log 85 _, _, err = ExecuteInteractiveCmd(cmd, input, "-i") 86 require.NoError(t, err) 87 88 ac, err = ts.Store.ReadAccountClaim("A") 89 require.NoError(t, err) 90 require.Len(t, ac.Revocations, 0) 91 } 92 93 func TestClearRevokeUserUserAndKey(t *testing.T) { 94 ts := NewTestStore(t, "O") 95 defer ts.Done(t) 96 ts.AddAccount(t, "A") 97 _, _, err := ExecuteCmd(createClearRevokeUserCmd(), "--name", "a", "--user-public-key", "UAUGJSHSTZY4ESHTL32CYYQNGT6MHXDQY6APMFMVRXWZN76RHE2IRN5O") 98 require.Error(t, err) 99 require.Contains(t, err.Error(), "user and user-public-key are mutually exclusive") 100 } 101 102 func TestClearRevokeUserNotFound(t *testing.T) { 103 ts := NewTestStore(t, "O") 104 defer ts.Done(t) 105 ts.AddAccount(t, "A") 106 ts.AddUser(t, "A", "U") 107 _, _, err := ExecuteCmd(createClearRevokeUserCmd(), "--name", "uu") 108 require.Error(t, err) 109 require.Contains(t, err.Error(), "not found") 110 } 111 112 func TestClearRevokeDefaultUser(t *testing.T) { 113 ts := NewTestStore(t, "O") 114 defer ts.Done(t) 115 ts.AddAccount(t, "A") 116 ts.AddUser(t, "A", "U") 117 _, _, err := ExecuteCmd(createRevokeUserCmd()) 118 require.NoError(t, err) 119 _, _, err = ExecuteCmd(createClearRevokeUserCmd()) 120 require.NoError(t, err) 121 } 122 123 func TestClearRevokeRevocationNotFound(t *testing.T) { 124 ts := NewTestStore(t, "O") 125 defer ts.Done(t) 126 ts.AddAccount(t, "A") 127 ts.AddUser(t, "A", "U") 128 _, _, err := ExecuteCmd(createRevokeUserCmd()) 129 require.NoError(t, err) 130 _, _, err = ExecuteCmd(createClearRevokeUserCmd(), "-u", "*") 131 require.Error(t, err) 132 require.Contains(t, err.Error(), "user with public key * is not revoked") 133 } 134 135 func TestClearRevokeAllUsers(t *testing.T) { 136 ts := NewTestStore(t, "O") 137 defer ts.Done(t) 138 ts.AddAccount(t, "A") 139 _, _, err := ExecuteCmd(createRevokeUserCmd(), "-u", "*") 140 require.NoError(t, err) 141 _, _, err = ExecuteCmd(createClearRevokeUserCmd(), "-u", "*") 142 require.NoError(t, err) 143 144 ac, err := ts.Store.ReadAccountClaim("A") 145 require.NoError(t, err) 146 require.Empty(t, ac.Revocations) 147 }