github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/editauthorization_test.go (about) 1 /* 2 * Copyright 2022 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 package cmd 16 17 import ( 18 "fmt" 19 "testing" 20 21 "github.com/stretchr/testify/require" 22 ) 23 24 func Test_EditAuthorizationNoFlags(t *testing.T) { 25 ts := NewTestStore(t, "test") 26 defer ts.Done(t) 27 28 ts.AddAccount(t, "A") 29 30 _, _, err := ExecuteCmd(createEditAuthorizationCallout()) 31 require.Error(t, err) 32 require.Equal(t, "please specify some options", err.Error()) 33 } 34 35 func Test_EditAuthorizationBadUser(t *testing.T) { 36 ts := NewTestStore(t, "test") 37 defer ts.Done(t) 38 39 ts.AddAccount(t, "A") 40 41 _, aPK, _ := CreateAccountKey(t) 42 _, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--auth-user", aPK) 43 require.Error(t, err) 44 require.Equal(t, fmt.Sprintf("%s is not a valid user key", aPK), err.Error()) 45 } 46 47 func Test_EditAuthorizationBadAccount(t *testing.T) { 48 ts := NewTestStore(t, "test") 49 defer ts.Done(t) 50 51 ts.AddAccount(t, "A") 52 53 _, aPK, _ := CreateUserKey(t) 54 _, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--allowed-account", aPK) 55 require.Error(t, err) 56 require.Equal(t, fmt.Sprintf("%s is not a valid account key", aPK), err.Error()) 57 } 58 59 func Test_EditAuthorizationJustUser(t *testing.T) { 60 ts := NewTestStore(t, "test") 61 defer ts.Done(t) 62 63 ts.AddAccount(t, "A") 64 65 _, uPK, _ := CreateUserKey(t) 66 _, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--auth-user", uPK) 67 require.NoError(t, err) 68 69 ac, err := ts.Store.ReadAccountClaim("A") 70 require.NoError(t, err) 71 require.Contains(t, ac.Authorization.AuthUsers, uPK) 72 } 73 74 func Test_EditAuthorizationJustAccount(t *testing.T) { 75 ts := NewTestStore(t, "test") 76 defer ts.Done(t) 77 78 ts.AddAccount(t, "A") 79 80 _, aPK, _ := CreateAccountKey(t) 81 _, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--allowed-account", aPK) 82 require.Error(t, err) 83 require.Contains(t, err.Error(), "External authorization cannot have accounts without users specified") 84 } 85 86 func Test_EditAuthorizationDelete(t *testing.T) { 87 ts := NewTestStore(t, "test") 88 defer ts.Done(t) 89 90 ts.AddAccount(t, "A") 91 92 _, uPK, _ := CreateUserKey(t) 93 _, aPK, _ := CreateAccountKey(t) 94 _, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--auth-user", uPK, "--allowed-account", aPK) 95 require.NoError(t, err) 96 97 ac, err := ts.Store.ReadAccountClaim("A") 98 require.NoError(t, err) 99 require.Contains(t, ac.Authorization.AuthUsers, uPK) 100 require.Contains(t, ac.Authorization.AllowedAccounts, aPK) 101 102 _, _, err = ExecuteCmd(createEditAuthorizationCallout(), "--disable") 103 require.NoError(t, err) 104 105 ac, err = ts.Store.ReadAccountClaim("A") 106 require.NoError(t, err) 107 require.Empty(t, ac.Authorization.AuthUsers) 108 require.Empty(t, ac.Authorization.AllowedAccounts) 109 } 110 111 func Test_EditAuthorizationDeleteUser(t *testing.T) { 112 ts := NewTestStore(t, "test") 113 defer ts.Done(t) 114 115 ts.AddAccount(t, "A") 116 117 _, uPK, _ := CreateUserKey(t) 118 _, u2PK, _ := CreateUserKey(t) 119 _, aPK, _ := CreateAccountKey(t) 120 _, a2PK, _ := CreateAccountKey(t) 121 _, _, err := ExecuteCmd(createEditAuthorizationCallout(), 122 "--auth-user", fmt.Sprintf("%s,%s", uPK, u2PK), 123 "--allowed-account", fmt.Sprintf("%s,%s", aPK, a2PK)) 124 require.NoError(t, err) 125 126 ac, err := ts.Store.ReadAccountClaim("A") 127 require.NoError(t, err) 128 require.Contains(t, ac.Authorization.AuthUsers, uPK) 129 require.Contains(t, ac.Authorization.AuthUsers, u2PK) 130 require.Contains(t, ac.Authorization.AllowedAccounts, aPK) 131 require.Contains(t, ac.Authorization.AllowedAccounts, a2PK) 132 133 _, _, err = ExecuteCmd(createEditAuthorizationCallout(), 134 "--rm-auth-user", u2PK, 135 "--rm-allowed-account", a2PK) 136 require.NoError(t, err) 137 138 ac, err = ts.Store.ReadAccountClaim("A") 139 require.NoError(t, err) 140 require.Contains(t, ac.Authorization.AuthUsers, uPK) 141 require.NotContains(t, ac.Authorization.AuthUsers, u2PK) 142 require.Contains(t, ac.Authorization.AllowedAccounts, aPK) 143 require.NotContains(t, ac.Authorization.AllowedAccounts, a2PK) 144 }