github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/revokeclearuser_test.go

github.com/nats-io/nsc@v0.0.0-20221206222106-35db9400b257/cmd/revokeclearuser_test.go (about)

     1  /*
     2   * Copyright 2018-2020 The NATS Authors
     3   * Licensed under the Apache License, Version 2.0 (the "License");
     4   * you may not use this file except in compliance with the License.
     5   * You may obtain a copy of the License at
     6   *
     7   * http://www.apache.org/licenses/LICENSE-2.0
     8   *
     9   * Unless required by applicable law or agreed to in writing, software
    10   * distributed under the License is distributed on an "AS IS" BASIS,
    11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12   * See the License for the specific language governing permissions and
    13   * limitations under the License.
    14   */
    15  
    16  package cmd
    17  
    18  import (
    19  	"testing"
    20  
    21  	cli "github.com/nats-io/cliprompts/v2"
    22  
    23  	"github.com/stretchr/testify/require"
    24  )
    25  
    26  func TestRevokeClearUser(t *testing.T) {
    27  	ts := NewTestStore(t, "revoke_clear_user")
    28  	defer ts.Done(t)
    29  
    30  	ts.AddAccount(t, "A")
    31  	ts.AddUser(t, "A", "one")
    32  	ts.AddUser(t, "A", "two")
    33  	ts.AddUser(t, "A", "three")
    34  
    35  	_, _, err := ExecuteCmd(createRevokeUserCmd(), "--name", "one")
    36  	require.NoError(t, err)
    37  
    38  	ac, err := ts.Store.ReadAccountClaim("A")
    39  	require.NoError(t, err)
    40  	require.Len(t, ac.Revocations, 1)
    41  
    42  	u, err := ts.Store.ReadUserClaim("A", "one")
    43  	require.NoError(t, err)
    44  	require.Contains(t, ac.Revocations, u.Subject)
    45  
    46  	_, _, err = ExecuteCmd(createClearRevokeUserCmd(), "--name", "one")
    47  	require.NoError(t, err)
    48  
    49  	ac, err = ts.Store.ReadAccountClaim("A")
    50  	require.NoError(t, err)
    51  	require.Len(t, ac.Revocations, 0)
    52  
    53  	// error if not revoked
    54  	_, _, err = ExecuteCmd(createClearRevokeUserCmd(), "--name", "one")
    55  	require.Error(t, err)
    56  }
    57  
    58  func TestRevokeClearUserInteractive(t *testing.T) {
    59  	ts := NewTestStore(t, "test")
    60  	defer ts.Done(t)
    61  
    62  	ts.AddAccount(t, "A")
    63  	ts.AddUser(t, "A", "one")
    64  	ts.AddUser(t, "A", "two")
    65  	ts.AddAccount(t, "B")
    66  	ts.AddUser(t, "B", "one")
    67  	ts.AddUser(t, "B", "two")
    68  
    69  	_, _, err := ExecuteCmd(createRevokeUserCmd(), "--name", "one", "--account", "A")
    70  	require.NoError(t, err)
    71  
    72  	ac, err := ts.Store.ReadAccountClaim("A")
    73  	require.NoError(t, err)
    74  	require.Len(t, ac.Revocations, 1)
    75  
    76  	u, err := ts.Store.ReadUserClaim("A", "one")
    77  	require.NoError(t, err)
    78  	require.Contains(t, ac.Revocations, u.Subject)
    79  
    80  	// first account and first user
    81  	input := []interface{}{0, 0}
    82  	cmd := createClearRevokeUserCmd()
    83  	HoistRootFlags(cmd)
    84  	cli.LogFn = t.Log
    85  	_, _, err = ExecuteInteractiveCmd(cmd, input, "-i")
    86  	require.NoError(t, err)
    87  
    88  	ac, err = ts.Store.ReadAccountClaim("A")
    89  	require.NoError(t, err)
    90  	require.Len(t, ac.Revocations, 0)
    91  }
    92  
    93  func TestClearRevokeUserUserAndKey(t *testing.T) {
    94  	ts := NewTestStore(t, "O")
    95  	defer ts.Done(t)
    96  	ts.AddAccount(t, "A")
    97  	_, _, err := ExecuteCmd(createClearRevokeUserCmd(), "--name", "a", "--user-public-key", "UAUGJSHSTZY4ESHTL32CYYQNGT6MHXDQY6APMFMVRXWZN76RHE2IRN5O")
    98  	require.Error(t, err)
    99  	require.Contains(t, err.Error(), "user and user-public-key are mutually exclusive")
   100  }
   101  
   102  func TestClearRevokeUserNotFound(t *testing.T) {
   103  	ts := NewTestStore(t, "O")
   104  	defer ts.Done(t)
   105  	ts.AddAccount(t, "A")
   106  	ts.AddUser(t, "A", "U")
   107  	_, _, err := ExecuteCmd(createClearRevokeUserCmd(), "--name", "uu")
   108  	require.Error(t, err)
   109  	require.Contains(t, err.Error(), "not found")
   110  }
   111  
   112  func TestClearRevokeDefaultUser(t *testing.T) {
   113  	ts := NewTestStore(t, "O")
   114  	defer ts.Done(t)
   115  	ts.AddAccount(t, "A")
   116  	ts.AddUser(t, "A", "U")
   117  	_, _, err := ExecuteCmd(createRevokeUserCmd())
   118  	require.NoError(t, err)
   119  	_, _, err = ExecuteCmd(createClearRevokeUserCmd())
   120  	require.NoError(t, err)
   121  }
   122  
   123  func TestClearRevokeRevocationNotFound(t *testing.T) {
   124  	ts := NewTestStore(t, "O")
   125  	defer ts.Done(t)
   126  	ts.AddAccount(t, "A")
   127  	ts.AddUser(t, "A", "U")
   128  	_, _, err := ExecuteCmd(createRevokeUserCmd())
   129  	require.NoError(t, err)
   130  	_, _, err = ExecuteCmd(createClearRevokeUserCmd(), "-u", "*")
   131  	require.Error(t, err)
   132  	require.Contains(t, err.Error(), "user with public key * is not revoked")
   133  }
   134  
   135  func TestClearRevokeAllUsers(t *testing.T) {
   136  	ts := NewTestStore(t, "O")
   137  	defer ts.Done(t)
   138  	ts.AddAccount(t, "A")
   139  	_, _, err := ExecuteCmd(createRevokeUserCmd(), "-u", "*")
   140  	require.NoError(t, err)
   141  	_, _, err = ExecuteCmd(createClearRevokeUserCmd(), "-u", "*")
   142  	require.NoError(t, err)
   143  
   144  	ac, err := ts.Store.ReadAccountClaim("A")
   145  	require.NoError(t, err)
   146  	require.Empty(t, ac.Revocations)
   147  }