Moving default permissions to v2 (#82)

Signed-off-by: Matthias Hanel <mh@synadia.com>
nats-io · Jun 2, 2020 · 473d698 · 473d698
1 parent 8622fff
commit 473d698
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 41 deletions.
diff --git a/account_claims.go b/account_claims.go
@@ -55,21 +55,19 @@ func (o *OperatorLimits) Validate(vr *ValidationResults) {
 
 // Account holds account specific claims data
 type Account struct {
-	Imports            Imports        `json:"imports,omitempty"`
-	Exports            Exports        `json:"exports,omitempty"`
-	Identities         []Identity     `json:"identity,omitempty"`
-	Limits             OperatorLimits `json:"limits,omitempty"`
-	SigningKeys        StringList     `json:"signing_keys,omitempty"`
-	Revocations        RevocationList `json:"revocations,omitempty"`
-	DefaultPermissions Permissions    `json:"default_permissions,omitempty"`
+	Imports     Imports        `json:"imports,omitempty"`
+	Exports     Exports        `json:"exports,omitempty"`
+	Identities  []Identity     `json:"identity,omitempty"`
+	Limits      OperatorLimits `json:"limits,omitempty"`
+	SigningKeys StringList     `json:"signing_keys,omitempty"`
+	Revocations RevocationList `json:"revocations,omitempty"`
 }
 
 // Validate checks if the account is valid, based on the wrapper
 func (a *Account) Validate(acct *AccountClaims, vr *ValidationResults) {
 	a.Imports.Validate(acct.Subject, vr)
 	a.Exports.Validate(vr)
 	a.Limits.Validate(vr)
-	a.DefaultPermissions.Validate(vr)
 
 	for _, i := range a.Identities {
 		i.Validate(vr)

diff --git a/account_claims_test.go b/account_claims_test.go
@@ -533,30 +533,3 @@ func TestUserRevocation(t *testing.T) {
 		t.Errorf("revocation be true we revoked in the future")
 	}
 }
-
-func TestAccountDefaultPermissions(t *testing.T) {
-	akp := createAccountNKey(t)
-	apk := publicKey(akp, t)
-
-	account := NewAccountClaims(apk)
-	account.DefaultPermissions.Sub = Permission{
-		Allow: []string{"foo.1", "bar.*"},
-		Deny:  []string{"foo.2", "baz.>"},
-	}
-	account.DefaultPermissions.Pub = Permission{
-		Allow: []string{"foo.4", "bar.>"},
-		Deny:  []string{"foo.4", "baz.*"},
-	}
-	account.DefaultPermissions.Resp = &ResponsePermission{
-		5,
-		5 * time.Second}
-
-	actJwt := encode(account, akp, t)
-
-	account2, err := DecodeAccountClaims(actJwt)
-	if err != nil {
-		t.Fatal("error decoding account jwt", err)
-	}
-
-	AssertEquals(account.String(), account2.String(), t)
-}
diff --git a/v2/account_claims.go b/v2/account_claims.go
@@ -55,12 +55,13 @@ func (o *OperatorLimits) Validate(_ *ValidationResults) {
 
 // Account holds account specific claims data
 type Account struct {
-	Imports     Imports        `json:"imports,omitempty"`
-	Exports     Exports        `json:"exports,omitempty"`
-	Identities  []Identity     `json:"identity,omitempty"`
-	Limits      OperatorLimits `json:"limits,omitempty"`
-	SigningKeys StringList     `json:"signing_keys,omitempty"`
-	Revocations RevocationList `json:"revocations,omitempty"`
+	Imports            Imports        `json:"imports,omitempty"`
+	Exports            Exports        `json:"exports,omitempty"`
+	Identities         []Identity     `json:"identity,omitempty"`
+	Limits             OperatorLimits `json:"limits,omitempty"`
+	SigningKeys        StringList     `json:"signing_keys,omitempty"`
+	Revocations        RevocationList `json:"revocations,omitempty"`
+	DefaultPermissions Permissions    `json:"default_permissions,omitempty"`
 	GenericFields
 }
 
@@ -69,6 +70,7 @@ func (a *Account) Validate(acct *AccountClaims, vr *ValidationResults) {
 	a.Imports.Validate(acct.Subject, vr)
 	a.Exports.Validate(vr)
 	a.Limits.Validate(vr)
+	a.DefaultPermissions.Validate(vr)
 
 	for _, i := range a.Identities {
 		i.Validate(vr)

diff --git a/v2/account_claims_test.go b/v2/account_claims_test.go
@@ -530,3 +530,30 @@ func TestUserRevocation(t *testing.T) {
 		t.Errorf("revocation be true we revoked in the future")
 	}
 }
+
+func TestAccountDefaultPermissions(t *testing.T) {
+	akp := createAccountNKey(t)
+	apk := publicKey(akp, t)
+
+	account := NewAccountClaims(apk)
+	account.DefaultPermissions.Sub = Permission{
+		Allow: []string{"foo.1", "bar.*"},
+		Deny:  []string{"foo.2", "baz.>"},
+	}
+	account.DefaultPermissions.Pub = Permission{
+		Allow: []string{"foo.4", "bar.>"},
+		Deny:  []string{"foo.4", "baz.*"},
+	}
+	account.DefaultPermissions.Resp = &ResponsePermission{
+		5,
+		5 * time.Second}
+
+	actJwt := encode(account, akp, t)
+
+	account2, err := DecodeAccountClaims(actJwt)
+	if err != nil {
+		t.Fatal("error decoding account jwt", err)
+	}
+
+	AssertEquals(account.String(), account2.String(), t)
+}