github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/importaccount_test.go (about) 1 /* 2 * Copyright 2018-2022 The NATS Authors 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package cmd 17 18 import ( 19 "os" 20 "path/filepath" 21 "testing" 22 23 "github.com/nats-io/jwt" 24 "github.com/nats-io/nkeys" 25 "github.com/stretchr/testify/require" 26 ) 27 28 func Test_ImportAccountSelfSigned(t *testing.T) { 29 ts := NewTestStore(t, "O") 30 defer ts.Done(t) 31 32 akp, _ := nkeys.CreateAccount() 33 pk, _ := akp.PublicKey() 34 ac := jwt.NewAccountClaims(pk) 35 ac.Name = ac.Subject 36 theJWT, err := ac.Encode(akp) 37 require.NoError(t, err) 38 require.True(t, ac.IsSelfSigned()) 39 40 check := func() { 41 t.Helper() 42 claim, err := ts.Store.ReadAccountClaim(pk) 43 require.NoError(t, err) 44 require.False(t, claim.IsSelfSigned()) 45 } 46 47 file := filepath.Join(ts.Dir, "account-selfsigned.jwt") 48 err = os.WriteFile(file, []byte(theJWT), 0666) 49 require.NoError(t, err) 50 _, _, err = ExecuteCmd(createImportAccountCmd(), "--file", file) 51 require.NoError(t, err) 52 check() 53 _, _, err = ExecuteCmd(createImportAccountCmd(), "--file", file) 54 require.Error(t, err) 55 _, _, err = ExecuteCmd(createImportAccountCmd(), "--file", file, "--overwrite") 56 require.NoError(t, err) 57 check() 58 } 59 60 func Test_ImportAccountOtherOperator(t *testing.T) { 61 test := func(force bool) { 62 ts := NewTestStore(t, "O") 63 defer ts.Done(t) 64 oKp, _ := nkeys.CreateOperator() 65 akp, _ := nkeys.CreateAccount() 66 pk, _ := akp.PublicKey() 67 ac := jwt.NewAccountClaims(pk) 68 ac.Name = ac.Subject 69 theJWT, err := ac.Encode(oKp) 70 require.NoError(t, err) 71 require.False(t, ac.IsSelfSigned()) 72 file := filepath.Join(ts.Dir, "account.jwt") 73 err = os.WriteFile(file, []byte(theJWT), 0666) 74 require.NoError(t, err) 75 if force { 76 _, _, err = ExecuteCmd(createImportAccountCmd(), "--file", file, "--force") 77 require.NoError(t, err) 78 } else { 79 _, _, err = ExecuteCmd(createImportAccountCmd(), "--file", file) 80 require.Error(t, err) 81 } 82 } 83 test(false) 84 test(true) 85 } 86 87 func Test_ImportDecoratedAccount(t *testing.T) { 88 ts := NewTestStore(t, "O") 89 defer ts.Done(t) 90 91 ts.AddAccount(t, "A") 92 93 // save a naked jwt 94 a, err := ts.Store.ReadRawAccountClaim("A") 95 require.NoError(t, err) 96 normal := filepath.Join(ts.Dir, "a.jwt") 97 err = Write(normal, a) 98 require.NoError(t, err) 99 100 // save a decorated jwt 101 decorated := filepath.Join(ts.Dir, "decorated_a.jwt") 102 _, _, err = ExecuteCmd(rootCmd, "describe", "account", "A", "--raw", "--output-file", decorated) 103 104 // delete the account 105 require.NoError(t, err) 106 _, _, err = ExecuteCmd(createDeleteAccountCmd(), "A", "--force") 107 require.NoError(t, err) 108 _, err = ts.Store.ReadAccountClaim("A") 109 require.Error(t, err) 110 require.Equal(t, "account A does not exist in the current operator", err.Error()) 111 112 // import the naked jwt 113 _, _, err = ExecuteCmd(rootCmd, "import", "account", "--file", normal) 114 require.NoError(t, err) 115 _, err = ts.Store.ReadAccountClaim("A") 116 require.NoError(t, err) 117 _, _, err = ExecuteCmd(createDeleteAccountCmd(), "A", "--force") 118 require.NoError(t, err) 119 120 // import the decorated jwt 121 _, _, err = ExecuteCmd(rootCmd, "import", "account", "--file", decorated) 122 require.NoError(t, err) 123 }