github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/editauthorization_test.go

github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/editauthorization_test.go (about)

     1  /*
     2   * Copyright 2022 The NATS Authors
     3   * Licensed under the Apache License, Version 2.0 (the "License");
     4   * you may not use this file except in compliance with the License.
     5   * You may obtain a copy of the License at
     6   *
     7   * http://www.apache.org/licenses/LICENSE-2.0
     8   *
     9   * Unless required by applicable law or agreed to in writing, software
    10   * distributed under the License is distributed on an "AS IS" BASIS,
    11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12   * See the License for the specific language governing permissions and
    13   * limitations under the License.
    14   */
    15  package cmd
    16  
    17  import (
    18  	"fmt"
    19  	"testing"
    20  
    21  	"github.com/stretchr/testify/require"
    22  )
    23  
    24  func Test_EditAuthorizationNoFlags(t *testing.T) {
    25  	ts := NewTestStore(t, "test")
    26  	defer ts.Done(t)
    27  
    28  	ts.AddAccount(t, "A")
    29  
    30  	_, _, err := ExecuteCmd(createEditAuthorizationCallout())
    31  	require.Error(t, err)
    32  	require.Equal(t, "please specify some options", err.Error())
    33  }
    34  
    35  func Test_EditAuthorizationBadUser(t *testing.T) {
    36  	ts := NewTestStore(t, "test")
    37  	defer ts.Done(t)
    38  
    39  	ts.AddAccount(t, "A")
    40  
    41  	_, aPK, _ := CreateAccountKey(t)
    42  	_, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--auth-user", aPK)
    43  	require.Error(t, err)
    44  	require.Equal(t, fmt.Sprintf("%s is not a valid user key", aPK), err.Error())
    45  }
    46  
    47  func Test_EditAuthorizationBadAccount(t *testing.T) {
    48  	ts := NewTestStore(t, "test")
    49  	defer ts.Done(t)
    50  
    51  	ts.AddAccount(t, "A")
    52  
    53  	_, aPK, _ := CreateUserKey(t)
    54  	_, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--allowed-account", aPK)
    55  	require.Error(t, err)
    56  	require.Equal(t, fmt.Sprintf("%s is not a valid account key", aPK), err.Error())
    57  }
    58  
    59  func Test_EditAuthorizationJustUser(t *testing.T) {
    60  	ts := NewTestStore(t, "test")
    61  	defer ts.Done(t)
    62  
    63  	ts.AddAccount(t, "A")
    64  
    65  	_, uPK, _ := CreateUserKey(t)
    66  	_, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--auth-user", uPK)
    67  	require.NoError(t, err)
    68  
    69  	ac, err := ts.Store.ReadAccountClaim("A")
    70  	require.NoError(t, err)
    71  	require.Contains(t, ac.Authorization.AuthUsers, uPK)
    72  }
    73  
    74  func Test_EditAuthorizationJustAccount(t *testing.T) {
    75  	ts := NewTestStore(t, "test")
    76  	defer ts.Done(t)
    77  
    78  	ts.AddAccount(t, "A")
    79  
    80  	_, aPK, _ := CreateAccountKey(t)
    81  	_, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--allowed-account", aPK)
    82  	require.Error(t, err)
    83  	require.Contains(t, err.Error(), "External authorization cannot have accounts without users specified")
    84  }
    85  
    86  func Test_EditAuthorizationDelete(t *testing.T) {
    87  	ts := NewTestStore(t, "test")
    88  	defer ts.Done(t)
    89  
    90  	ts.AddAccount(t, "A")
    91  
    92  	_, uPK, _ := CreateUserKey(t)
    93  	_, aPK, _ := CreateAccountKey(t)
    94  	_, _, err := ExecuteCmd(createEditAuthorizationCallout(), "--auth-user", uPK, "--allowed-account", aPK)
    95  	require.NoError(t, err)
    96  
    97  	ac, err := ts.Store.ReadAccountClaim("A")
    98  	require.NoError(t, err)
    99  	require.Contains(t, ac.Authorization.AuthUsers, uPK)
   100  	require.Contains(t, ac.Authorization.AllowedAccounts, aPK)
   101  
   102  	_, _, err = ExecuteCmd(createEditAuthorizationCallout(), "--disable")
   103  	require.NoError(t, err)
   104  
   105  	ac, err = ts.Store.ReadAccountClaim("A")
   106  	require.NoError(t, err)
   107  	require.Empty(t, ac.Authorization.AuthUsers)
   108  	require.Empty(t, ac.Authorization.AllowedAccounts)
   109  }
   110  
   111  func Test_EditAuthorizationDeleteUser(t *testing.T) {
   112  	ts := NewTestStore(t, "test")
   113  	defer ts.Done(t)
   114  
   115  	ts.AddAccount(t, "A")
   116  
   117  	_, uPK, _ := CreateUserKey(t)
   118  	_, u2PK, _ := CreateUserKey(t)
   119  	_, aPK, _ := CreateAccountKey(t)
   120  	_, a2PK, _ := CreateAccountKey(t)
   121  	_, _, err := ExecuteCmd(createEditAuthorizationCallout(),
   122  		"--auth-user", fmt.Sprintf("%s,%s", uPK, u2PK),
   123  		"--allowed-account", fmt.Sprintf("%s,%s", aPK, a2PK))
   124  	require.NoError(t, err)
   125  
   126  	ac, err := ts.Store.ReadAccountClaim("A")
   127  	require.NoError(t, err)
   128  	require.Contains(t, ac.Authorization.AuthUsers, uPK)
   129  	require.Contains(t, ac.Authorization.AuthUsers, u2PK)
   130  	require.Contains(t, ac.Authorization.AllowedAccounts, aPK)
   131  	require.Contains(t, ac.Authorization.AllowedAccounts, a2PK)
   132  
   133  	_, _, err = ExecuteCmd(createEditAuthorizationCallout(),
   134  		"--rm-auth-user", u2PK,
   135  		"--rm-allowed-account", a2PK)
   136  	require.NoError(t, err)
   137  
   138  	ac, err = ts.Store.ReadAccountClaim("A")
   139  	require.NoError(t, err)
   140  	require.Contains(t, ac.Authorization.AuthUsers, uPK)
   141  	require.NotContains(t, ac.Authorization.AuthUsers, u2PK)
   142  	require.Contains(t, ac.Authorization.AllowedAccounts, aPK)
   143  	require.NotContains(t, ac.Authorization.AllowedAccounts, a2PK)
   144  }