github.com/nats-io/nsc/v2@v2.8.7-0.20240307184528-efd7023c6896/cmd/validate_test.go (about) 1 /* 2 * Copyright 2018-2023 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "os" 20 "path/filepath" 21 "strings" 22 "testing" 23 24 "github.com/nats-io/nsc/v2/cmd/store" 25 "github.com/stretchr/testify/require" 26 ) 27 28 func Test_ValidateNoOperator(t *testing.T) { 29 ts := NewEmptyStore(t) 30 defer ts.Done(t) 31 storeDir := ts.AddSubDir(t, "store") 32 require.DirExists(t, storeDir) 33 _, _, err := ExecuteCmd(createValidateCommand()) 34 require.Error(t, err) 35 require.True(t, strings.Contains(err.Error(), "set an operator") || 36 strings.Contains(err.Error(), "no such file or directory")) 37 } 38 39 func Test_ValidateNoAccount(t *testing.T) { 40 ts := NewTestStore(t, "O") 41 defer ts.Done(t) 42 43 _, stderr, err := ExecuteCmd(createValidateCommand()) 44 require.NoError(t, err) 45 require.Contains(t, stderr, "Operator \"O\"") 46 require.Contains(t, stderr, "No issues found") 47 } 48 49 func Test_ValidateExpiredOperator(t *testing.T) { 50 ts := NewTestStore(t, "O") 51 defer ts.Done(t) 52 53 oc, err := ts.Store.ReadOperatorClaim() 54 require.NoError(t, err) 55 before, err := ParseExpiry("1999-12-01") 56 require.NoError(t, err) 57 oc.Expires = before 58 59 token, err := oc.Encode(ts.OperatorKey) 60 require.NoError(t, err) 61 require.NoError(t, ts.Store.StoreRaw([]byte(token))) 62 63 _, stderr, err := ExecuteCmd(createValidateCommand()) 64 require.Error(t, err) 65 require.Contains(t, stderr, "claim is expired") 66 } 67 68 func Test_ValidateBadOperatorIssuer(t *testing.T) { 69 ts := NewTestStore(t, "O") 70 defer ts.Done(t) 71 72 oc, err := ts.Store.ReadOperatorClaim() 73 require.NoError(t, err) 74 _, _, kp := CreateOperatorKey(t) 75 token, err := oc.Encode(kp) 76 require.NoError(t, err) 77 require.NoError(t, ts.Store.StoreRaw([]byte(token))) 78 79 _, stderr, err := ExecuteCmd(createValidateCommand()) 80 require.Error(t, err) 81 require.Contains(t, stderr, "not issued by operator") 82 } 83 84 func Test_ExpiredAccount(t *testing.T) { 85 ts := NewTestStore(t, "O") 86 defer ts.Done(t) 87 88 ts.AddAccount(t, "A") 89 ac, err := ts.Store.ReadAccountClaim("A") 90 require.NoError(t, err) 91 92 before, err := ParseExpiry("1999-12-01") 93 require.NoError(t, err) 94 ac.Expires = before 95 token, err := ac.Encode(ts.OperatorKey) 96 require.NoError(t, err) 97 rs, err := ts.Store.StoreClaim([]byte(token)) 98 require.NoError(t, err) 99 require.Nil(t, rs) 100 101 _, stderr, err := ExecuteCmd(createValidateCommand()) 102 require.Error(t, err) 103 require.Contains(t, stderr, "claim is expired") 104 } 105 106 func Test_ValidateBadAccountIssuer(t *testing.T) { 107 ts := NewTestStore(t, "O") 108 defer ts.Done(t) 109 110 ts.AddAccount(t, "A") 111 ac, err := ts.Store.ReadAccountClaim("A") 112 require.NoError(t, err) 113 114 _, _, kp := CreateOperatorKey(t) 115 token, err := ac.Encode(kp) 116 require.NoError(t, err) 117 rs, err := ts.Store.StoreClaim([]byte(token)) 118 require.NoError(t, err) 119 require.Nil(t, rs) 120 121 _, stderr, err := ExecuteCmd(createValidateCommand()) 122 require.Error(t, err) 123 require.Contains(t, stderr, "not issued by operator") 124 } 125 126 func Test_ValidateBadUserIssuer(t *testing.T) { 127 ts := NewTestStore(t, "O") 128 defer ts.Done(t) 129 130 ts.AddAccount(t, "A") 131 ts.AddUser(t, "A", "U") 132 uc, err := ts.Store.ReadUserClaim("A", "U") 133 require.NoError(t, err) 134 135 _, _, kp := CreateAccountKey(t) 136 token, err := uc.Encode(kp) 137 require.NoError(t, err) 138 fp := filepath.Join(ts.StoreDir, "O", store.Accounts, "A", store.Users, store.JwtName("U")) 139 require.NoError(t, os.Remove(fp)) 140 require.NoError(t, Write(fp, []byte(token))) 141 142 _, stderr, err := ExecuteCmd(createValidateCommand()) 143 require.Error(t, err) 144 require.Contains(t, stderr, "not issued by account") 145 } 146 147 func Test_ValidateExpiredUser(t *testing.T) { 148 ts := NewTestStore(t, "O") 149 defer ts.Done(t) 150 151 ts.AddAccount(t, "A") 152 ts.AddUser(t, "A", "U") 153 uc, err := ts.Store.ReadUserClaim("A", "U") 154 require.NoError(t, err) 155 before, err := ParseExpiry("1999-12-01") 156 require.NoError(t, err) 157 uc.Expires = before 158 kp := ts.GetAccountKey(t, "A") 159 token, err := uc.Encode(kp) 160 require.NoError(t, err) 161 rs, err := ts.Store.StoreClaim([]byte(token)) 162 require.NoError(t, err) 163 require.Nil(t, rs) 164 165 _, stderr, err := ExecuteCmd(createValidateCommand()) 166 require.Error(t, err) 167 require.Contains(t, stderr, "user \"U\": claim is expired") 168 } 169 170 func Test_ValidateOneOfAccountOrAll(t *testing.T) { 171 ts := NewTestStore(t, "O") 172 defer ts.Done(t) 173 174 ts.AddAccount(t, "A") 175 176 _, stderr, err := ExecuteCmd(createValidateCommand(), "--account", "A", "--all-accounts") 177 require.Error(t, err) 178 require.Contains(t, stderr, "specify only one") 179 } 180 181 func Test_ValidateBadAccountName(t *testing.T) { 182 ts := NewTestStore(t, "O") 183 defer ts.Done(t) 184 185 ts.AddAccount(t, "A") 186 187 _, stderr, err := ExecuteCmd(createValidateCommand(), "--account", "B") 188 require.Error(t, err) 189 require.Contains(t, stderr, "not in accounts for operator") 190 } 191 192 func Test_ValidateInteractive(t *testing.T) { 193 ts := NewTestStore(t, "O") 194 defer ts.Done(t) 195 196 ts.AddAccount(t, "A") 197 ts.AddAccount(t, "B") 198 199 _, stderr, err := ExecuteInteractiveCmd(HoistRootFlags(createValidateCommand()), []interface{}{1}, "--account", "B") 200 require.NoError(t, err) 201 require.Contains(t, stderr, "Account \"B\"") 202 }