diff --git a/server/accounts_test.go b/server/accounts_test.go index c648d0fe00b..6a3ee7a8822 100644 --- a/server/accounts_test.go +++ b/server/accounts_test.go @@ -1,4 +1,4 @@ -// Copyright 2018-2020 The NATS Authors +// Copyright 2018-2022 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at @@ -322,156 +322,69 @@ func TestAccountFromOptions(t *testing.T) { } } -func TestNewAccountsFromClients(t *testing.T) { - opts := defaultServerOptions - s := New(&opts) - defer s.Shutdown() - - c, cr, _ := newClientForServer(s) - defer c.close() - connectOp := "CONNECT {\"account\":\"foo\"}\r\n" - c.parseAsync(connectOp) - l, _ := cr.ReadString('\n') - if !strings.HasPrefix(l, "-ERR ") { - t.Fatalf("Expected an error") - } +// Clients used to be able to ask that the account be forced to be new. +// This was for dynamic sandboxes for demo environments but was never really used. +// Make sure it always errors if set. +func TestNewAccountAndRequireNewAlwaysError(t *testing.T) { + conf := createConfFile(t, []byte(` + listen: 127.0.0.1:-1 + accounts: { + A: { users: [ {user: ua, password: pa} ] }, + B: { users: [ {user: ub, password: pb} ] }, + } + `)) + defer removeFile(t, conf) - opts.AllowNewAccounts = true - s = New(&opts) + s, _ := RunServerWithConfig(conf) defer s.Shutdown() - c, cr, _ = newClientForServer(s) - defer c.close() + // Success case + c, _, _ := newClientForServer(s) + connectOp := "CONNECT {\"user\":\"ua\", \"pass\":\"pa\"}\r\n" err := c.parse([]byte(connectOp)) - if err != nil { - t.Fatalf("Received an error trying to connect: %v", err) - } - c.parseAsync("PING\r\n") - l, err = cr.ReadString('\n') - if err != nil { - t.Fatalf("Error reading response for client from server: %v", err) - } - if !strings.HasPrefix(l, "PONG\r\n") { - t.Fatalf("PONG response incorrect: %q", l) - } -} - -func TestActiveAccounts(t *testing.T) { - opts := defaultServerOptions - opts.AllowNewAccounts = true - opts.Cluster.Port = 22 - - s := New(&opts) - defer s.Shutdown() - - if s.NumActiveAccounts() != 0 { - t.Fatalf("Expected no active account, got %d", s.NumActiveAccounts()) - } - - addClientWithAccount := func(accName string) *testAsyncClient { - t.Helper() - c, _, _ := newClientForServer(s) - connectOp := fmt.Sprintf("CONNECT {\"account\":\"%s\"}\r\n", accName) - err := c.parse([]byte(connectOp)) - if err != nil { - t.Fatalf("Received an error trying to connect: %v", err) - } - return c - } - - // Now add some clients. - cf1 := addClientWithAccount("foo") - defer cf1.close() - if s.activeAccounts != 1 { - t.Fatalf("Expected active accounts to be 1, got %d", s.activeAccounts) - } - // Adding in same one should not change total. - cf2 := addClientWithAccount("foo") - defer cf2.close() - if s.activeAccounts != 1 { - t.Fatalf("Expected active accounts to be 1, got %d", s.activeAccounts) - } - // Add in new one. - cb1 := addClientWithAccount("bar") - defer cb1.close() - if s.activeAccounts != 2 { - t.Fatalf("Expected active accounts to be 2, got %d", s.activeAccounts) - } - - // Make sure the Accounts track clients. - foo, _ := s.LookupAccount("foo") - bar, _ := s.LookupAccount("bar") - if foo == nil || bar == nil { - t.Fatalf("Error looking up accounts") - } - if nc := foo.NumConnections(); nc != 2 { - t.Fatalf("Expected account foo to have 2 clients, got %d", nc) - } - if nc := bar.NumConnections(); nc != 1 { - t.Fatalf("Expected account bar to have 1 client, got %d", nc) - } - - waitTilActiveCount := func(n int32) { - t.Helper() - checkFor(t, time.Second, 10*time.Millisecond, func() error { - if active := s.NumActiveAccounts(); active != n { - return fmt.Errorf("Number of active accounts is %d", active) - } - return nil - }) - } - - // Test Removal - cb1.closeConnection(ClientClosed) - waitTilActiveCount(1) - - checkAccClientsCount(t, bar, 0) - - // This should not change the count. - cf1.closeConnection(ClientClosed) - waitTilActiveCount(1) - - checkAccClientsCount(t, foo, 1) - - cf2.closeConnection(ClientClosed) - waitTilActiveCount(0) - - checkAccClientsCount(t, foo, 0) -} - -// Clients can ask that the account be forced to be new. If it exists this is an error. -func TestNewAccountRequireNew(t *testing.T) { - // This has foo and bar accounts already. - s, _, _ := simpleAccountServer(t) + require_NoError(t, err) + c.close() + // Simple cases, any setting of account or new_account always errors. + // Even with proper auth. c, cr, _ := newClientForServer(s) - defer c.close() - connectOp := "CONNECT {\"account\":\"foo\",\"new_account\":true}\r\n" + connectOp = "CONNECT {\"user\":\"ua\", \"pass\":\"pa\", \"account\":\"ANY\"}\r\n" c.parseAsync(connectOp) l, _ := cr.ReadString('\n') - if !strings.HasPrefix(l, "-ERR ") { - t.Fatalf("Expected an error") + if !strings.HasPrefix(l, "-ERR 'Authorization Violation'") { + t.Fatalf("Expected an error, got %q", l) } + c.close() - // Now allow new accounts on the fly, make sure second time does not work. - opts := defaultServerOptions - opts.AllowNewAccounts = true - s = New(&opts) + // new_account with proper credentials. + c, cr, _ = newClientForServer(s) + connectOp = "CONNECT {\"user\":\"ua\", \"pass\":\"pa\", \"new_account\":true}\r\n" + c.parseAsync(connectOp) + l, _ = cr.ReadString('\n') + if !strings.HasPrefix(l, "-ERR 'Authorization Violation'") { + t.Fatalf("Expected an error, got %q", l) + } + c.close() - c, _, _ = newClientForServer(s) - defer c.close() - err := c.parse([]byte(connectOp)) - if err != nil { - t.Fatalf("Received an error trying to create an account: %v", err) + // switch acccounts with proper credentials. + c, cr, _ = newClientForServer(s) + connectOp = "CONNECT {\"user\":\"ua\", \"pass\":\"pa\", \"account\":\"B\"}\r\n" + c.parseAsync(connectOp) + l, _ = cr.ReadString('\n') + if !strings.HasPrefix(l, "-ERR 'Authorization Violation'") { + t.Fatalf("Expected an error, got %q", l) } + c.close() + // Even if correct account designation, still make sure we error. c, cr, _ = newClientForServer(s) - defer c.close() + connectOp = "CONNECT {\"user\":\"ua\", \"pass\":\"pa\", \"account\":\"A\"}\r\n" c.parseAsync(connectOp) l, _ = cr.ReadString('\n') - if !strings.HasPrefix(l, "-ERR ") { - t.Fatalf("Expected an error") + if !strings.HasPrefix(l, "-ERR 'Authorization Violation'") { + t.Fatalf("Expected an error, got %q", l) } + c.close() } func accountNameExists(name string, accounts []*Account) bool { diff --git a/server/client.go b/server/client.go index b1edd1e4101..ce2c0ee06e1 100644 --- a/server/client.go +++ b/server/client.go @@ -1,4 +1,4 @@ -// Copyright 2012-2021 The NATS Authors +// Copyright 2012-2022 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at @@ -1822,35 +1822,15 @@ func (c *client) processConnect(arg []byte) error { return ErrAuthentication } - // Check for Account designation, this section should be only used when there is not a jwt. - if account != _EMPTY_ { - var acc *Account - var wasNew bool - var err error - if !srv.NewAccountsAllowed() { - acc, err = srv.LookupAccount(account) - if err != nil { - c.Errorf(err.Error()) - c.sendErr(ErrMissingAccount.Error()) - return err - } else if accountNew && acc != nil { - c.sendErrAndErr(ErrAccountExists.Error()) - return ErrAccountExists - } - } else { - // We can create this one on the fly. - acc, wasNew = srv.LookupOrRegisterAccount(account) - if accountNew && !wasNew { - c.sendErrAndErr(ErrAccountExists.Error()) - return ErrAccountExists - } - } - // If we are here we can register ourselves with the new account. - if err := c.registerWithAccount(acc); err != nil { - c.reportErrRegisterAccount(acc, err) - return ErrBadAccount - } - } else if c.acc == nil { + // Check for Account designation, we used to have this as an optional feature for dynamic + // sandbox environments. Now its considered an error. + if accountNew || account != _EMPTY_ { + c.authViolation() + return ErrAuthentication + } + + // If no account designation. + if c.acc == nil { // By default register with the global account. c.registerWithAccount(srv.globalAccount()) } diff --git a/server/events.go b/server/events.go index 35f336a2a1d..1b5b85ffc80 100644 --- a/server/events.go +++ b/server/events.go @@ -343,7 +343,6 @@ RESET: b, _ = json.Marshal(pm.msg) } } - // Setup our client. If the user wants to use a non-system account use our internal // account scoped here so that we are not changing out accounts for the system client. var c *client @@ -1617,7 +1616,7 @@ func (s *Server) sendLeafNodeConnect(a *Account) { func (s *Server) sendLeafNodeConnectMsg(accName string) { subj := fmt.Sprintf(leafNodeConnectEventSubj, accName) m := accNumConnsReq{Account: accName} - s.sendInternalMsg(subj, "", &m.Server, &m) + s.sendInternalMsg(subj, _EMPTY_, &m.Server, &m) } // sendAccConnsUpdate is called to send out our information on the diff --git a/server/jwt.go b/server/jwt.go index e7a5babb22b..5ab89791a8b 100644 --- a/server/jwt.go +++ b/server/jwt.go @@ -1,4 +1,4 @@ -// Copyright 2018-2019 The NATS Authors +// Copyright 2018-2022 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at @@ -70,9 +70,6 @@ func validateTrustedOperators(o *Options) error { if len(o.TrustedOperators) == 0 { return nil } - if o.AllowNewAccounts { - return fmt.Errorf("operators do not allow dynamic creation of new accounts") - } if o.AccountResolver == nil { return fmt.Errorf("operators require an account resolver to be configured") } diff --git a/server/opts.go b/server/opts.go index fba65710170..0493a280279 100644 --- a/server/opts.go +++ b/server/opts.go @@ -204,7 +204,6 @@ type Options struct { NoAuthUser string `json:"-"` SystemAccount string `json:"-"` NoSystemAccount bool `json:"-"` - AllowNewAccounts bool `json:"-"` Username string `json:"-"` Password string `json:"-"` Authorization string `json:"-"` diff --git a/server/route.go b/server/route.go index da8a74ddb9d..b2bc607a8a9 100644 --- a/server/route.go +++ b/server/route.go @@ -1035,20 +1035,17 @@ func (c *client) processRemoteSub(argo []byte, hasOrigin bool) (err error) { acc = v.(*Account) } if acc == nil { - expire := false isNew := false - if !srv.NewAccountsAllowed() { - // if the option of retrieving accounts later exists, create an expired one. - // When a client comes along, expiration will prevent it from being used, - // cause a fetch and update the account to what is should be. - if staticResolver { - c.Errorf("Unknown account %q for remote subject %q", accountName, sub.subject) - return - } - c.Debugf("Unknown account %q for remote subject %q", accountName, sub.subject) - expire = true + // if the option of retrieving accounts later exists, create an expired one. + // When a client comes along, expiration will prevent it from being used, + // cause a fetch and update the account to what is should be. + if staticResolver { + c.Errorf("Unknown account %q for remote subject %q", accountName, sub.subject) + return } - if acc, isNew = srv.LookupOrRegisterAccount(accountName); isNew && expire { + c.Debugf("Unknown account %q for remote subject %q", accountName, sub.subject) + + if acc, isNew = srv.LookupOrRegisterAccount(accountName); isNew { acc.mu.Lock() acc.expired = true acc.incomplete = true diff --git a/server/server.go b/server/server.go index 47afdacbbba..11e4b6d07c4 100644 --- a/server/server.go +++ b/server/server.go @@ -1108,13 +1108,6 @@ func (s *Server) logPid() error { return ioutil.WriteFile(s.getOpts().PidFile, []byte(pidStr), 0660) } -// NewAccountsAllowed returns whether or not new accounts can be created on the fly. -func (s *Server) NewAccountsAllowed() bool { - s.mu.Lock() - defer s.mu.Unlock() - return s.opts.AllowNewAccounts -} - // numReservedAccounts will return the number of reserved accounts configured in the server. // Currently this is 1, one for the global default account. func (s *Server) numReservedAccounts() int { diff --git a/test/bench_test.go b/test/bench_test.go index 17cda7f6e1f..17916721411 100644 --- a/test/bench_test.go +++ b/test/bench_test.go @@ -1391,92 +1391,3 @@ func Benchmark__GWs_Reqs_1_SubAll(b *testing.B) { func Benchmark__GWs_Reqs_1SubEach(b *testing.B) { gatewaySendRequestsBench(b, false) } - -func Benchmark_____RoutedIntGraph(b *testing.B) { - s, o := RunServerWithConfig("./configs/srv_a.conf") - o.AllowNewAccounts = true - defer s.Shutdown() - - numRoutes := 100 - loop := b.N / numRoutes - - type rh struct { - r net.Conn - send sendFun - expect expectFun - done chan bool - } - - routes := make([]*rh, 0, numRoutes) - for i := 0; i < numRoutes; i++ { - r := createRouteConn(b, o.Cluster.Host, o.Cluster.Port) - defer r.Close() - - checkInfoMsg(b, r) - send, expect := setupRoute(b, r, o) - send("PING\r\n") - expect(pongRe) - - bw := bufio.NewWriterSize(r, defaultSendBufSize) - - account := fmt.Sprintf("$foo.account.%d", i) - for s := 0; s < loop; s++ { - bw.Write([]byte(fmt.Sprintf("RS+ %s foo.bar.%d\r\n", account, s))) - } - bw.Flush() - send("PING\r\n") - expect(pongRe) - routes = append(routes, &rh{r, send, expect, make(chan bool)}) - } - - startCh := make(chan bool) - - unsubLoop := func(route *rh, ch chan bool, index int) { - bw := bufio.NewWriterSize(route.r, defaultSendBufSize) - account := fmt.Sprintf("$foo.account.%d", index) - - // Wait for seed server's first PING so that it does - // not interfere with the expected PONG after sending - // all RS- and last PING. - // The wait here does not affect perf measurements - // since we do so *before* we signal that we are ready. - route.expect(pingRe) - route.send("PONG\r\n") - - // Signal we are ready - close(ch) - - // Wait to start up actual unsubs. - <-startCh - - for i := 0; i < loop; i++ { - _, err := bw.Write([]byte(fmt.Sprintf("RS- %s foo.bar.%d\r\n", account, i))) - if err != nil { - b.Errorf("Received error on RS- write: %v\n", err) - return - } - } - err := bw.Flush() - if err != nil { - b.Errorf("Received error on FLUSH write: %v\n", err) - return - } - route.send("PING\r\n") - route.expect(pongRe) - close(route.done) - } - - for i, route := range routes { - ch := make(chan bool) - go unsubLoop(route, ch, i) - <-ch - } - - // Actual unsub test here. - b.ResetTimer() - close(startCh) - for _, route := range routes { - <-route.done - } - b.StopTimer() -} diff --git a/test/gateway_test.go b/test/gateway_test.go index 96948720595..263c2abbd58 100644 --- a/test/gateway_test.go +++ b/test/gateway_test.go @@ -149,10 +149,9 @@ func TestGatewayAccountInterest(t *testing.T) { // A should receive an A+ because B knows that it previously sent // an A-, but since it did not send one to C, C should not receive // the A+. - sb.RegisterAccount("$foo") client := createClientConn(t, ob.Host, ob.Port) defer client.Close() - clientSend, clientExpect := setupConnWithAccount(t, client, "$foo") + clientSend, clientExpect := setupConnWithAccount(t, sb, client, "$foo") clientSend("SUB not.used 1234567\r\nPING\r\n") clientExpect(pongRe) gAExpect(asubRe) diff --git a/test/leafnode_test.go b/test/leafnode_test.go index 30b4e3a4d44..89ff98bad55 100644 --- a/test/leafnode_test.go +++ b/test/leafnode_test.go @@ -825,8 +825,8 @@ func TestLeafNodeGatewaySendsSystemEvent(t *testing.T) { defer c.Close() // Listen for the leaf node event. - send, expect := setupConnWithAccount(t, c, "$SYS") - send("SUB $SYS.ACCOUNT.*.LEAFNODE.CONNECT 1\r\nPING\r\n") + send, expect := setupConnWithAccount(t, ca.servers[0], c, "$SYS") + send("SUB $SYS.ACCOUNT.$G.LEAFNODE.CONNECT 1\r\nPING\r\n") expect(pongRe) opts = cb.opts[0] diff --git a/test/new_routes_test.go b/test/new_routes_test.go index 8c2161dcbdf..338f60a69a6 100644 --- a/test/new_routes_test.go +++ b/test/new_routes_test.go @@ -1,4 +1,4 @@ -// Copyright 2018-2020 The NATS Authors +// Copyright 2018-2022 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at @@ -212,7 +212,7 @@ func TestNewRouteConnectSubsWithAccount(t *testing.T) { c := createClientConn(t, opts.Host, opts.Port) defer c.Close() - send, expect := setupConnWithAccount(t, c, accName) + send, expect := setupConnWithAccount(t, s, c, accName) // Create 10 normal subs and 10 queue subscribers. for i := 0; i < 10; i++ { @@ -283,7 +283,7 @@ func TestNewRouteRSubs(t *testing.T) { // Create a client an account foo. clientA := createClientConn(t, opts.Host, opts.Port) - sendA, expectA := setupConnWithAccount(t, clientA, "$foo") + sendA, expectA := setupConnWithAccount(t, s, clientA, "$foo") defer clientA.Close() sendA("PING\r\n") expectA(pongRe) @@ -312,7 +312,7 @@ func TestNewRouteRSubs(t *testing.T) { // Now create a new client for account $bar and have them subscribe. clientB := createClientConn(t, opts.Host, opts.Port) - sendB, expectB := setupConnWithAccount(t, clientB, "$bar") + sendB, expectB := setupConnWithAccount(t, s, clientB, "$bar") defer clientB.Close() sendB("PING\r\n") @@ -539,9 +539,6 @@ func TestNewRouteRUnsubAccountSpecific(t *testing.T) { s, opts := runNewRouteServer(t) defer s.Shutdown() - // Allow new accounts to be created on the fly. - opts.AllowNewAccounts = true - // Create a routeConn rc := createRouteConn(t, opts.Cluster.Host, opts.Cluster.Port) defer rc.Close() @@ -554,6 +551,7 @@ func TestNewRouteRUnsubAccountSpecific(t *testing.T) { // Now create 500 subs on same subject but all different accounts. for i := 0; i < 500; i++ { account := fmt.Sprintf("$foo.account.%d", i) + s.RegisterAccount(account) routeSend(fmt.Sprintf("RS+ %s foo\r\n", account)) } routeSend("PING\r\n") @@ -566,7 +564,7 @@ func TestNewRouteRUnsubAccountSpecific(t *testing.T) { c := createClientConn(t, opts.Host, opts.Port) defer c.Close() - send, expect := setupConnWithAccount(t, c, "$foo.account.22") + send, expect := setupConnWithAccount(t, s, c, "$foo.account.22") send("PUB foo 2\r\nok\r\nPING\r\n") expect(pongRe) c.Close() @@ -574,7 +572,7 @@ func TestNewRouteRUnsubAccountSpecific(t *testing.T) { // But make sure we still receive on others c = createClientConn(t, opts.Host, opts.Port) defer c.Close() - send, expect = setupConnWithAccount(t, c, "$foo.account.33") + send, expect = setupConnWithAccount(t, s, c, "$foo.account.33") send("PUB foo 2\r\nok\r\nPING\r\n") expect(pongRe) @@ -589,9 +587,6 @@ func TestNewRouteRSubCleanupOnDisconnect(t *testing.T) { s, opts := runNewRouteServer(t) defer s.Shutdown() - // Allow new accounts to be created on the fly. - opts.AllowNewAccounts = true - // Create a routeConn rc := createRouteConn(t, opts.Cluster.Host, opts.Cluster.Port) defer rc.Close() @@ -885,15 +880,14 @@ func TestNewRouteSinglePublishOnNewAccount(t *testing.T) { defer srvA.Shutdown() defer srvB.Shutdown() - // Allow new accounts to be created on the fly. - optsA.AllowNewAccounts = true - optsB.AllowNewAccounts = true + srvA.RegisterAccount("$TEST22") + srvB.RegisterAccount("$TEST22") // Create and establish a listener on foo for $TEST22 account. clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$TEST22") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$TEST22") sendA("SUB foo 1\r\nPING\r\n") expectA(pongRe) @@ -905,7 +899,7 @@ func TestNewRouteSinglePublishOnNewAccount(t *testing.T) { defer clientB.Close() // Send a message, flush to make sure server processed and close connection. - sendB, expectB := setupConnWithAccount(t, clientB, "$TEST22") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$TEST22") sendB("PUB foo 2\r\nok\r\nPING\r\n") expectB(pongRe) clientB.Close() @@ -921,15 +915,14 @@ func TestNewRouteSinglePublishToQueueSubscriberOnNewAccount(t *testing.T) { defer srvA.Shutdown() defer srvB.Shutdown() - // Allow new accounts to be created on the fly. - optsA.AllowNewAccounts = true - optsB.AllowNewAccounts = true + srvA.RegisterAccount("$TEST22") + srvB.RegisterAccount("$TEST22") // Create and establish a listener on foo for $TEST22 account. clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$TEST22") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$TEST22") sendA("SUB foo bar 1\r\nPING\r\n") expectA(pongRe) @@ -937,7 +930,7 @@ func TestNewRouteSinglePublishToQueueSubscriberOnNewAccount(t *testing.T) { defer clientB.Close() // Send a message, flush to make sure server processed and close connection. - sendB, expectB := setupConnWithAccount(t, clientB, "$TEST22") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$TEST22") sendB("PUB foo bar 2\r\nok\r\nPING\r\n") expectB(pongRe) defer clientB.Close() @@ -959,23 +952,22 @@ func TestNewRouteSinglePublishToMultipleQueueSubscriberOnNewAccount(t *testing.T defer srvB.Shutdown() defer srvC.Shutdown() - // Allow new accounts to be created on the fly. - optsA.AllowNewAccounts = true - optsB.AllowNewAccounts = true - optsC.AllowNewAccounts = true + srvA.RegisterAccount("$TEST22") + srvB.RegisterAccount("$TEST22") + srvC.RegisterAccount("$TEST22") // Create and establish a listener on foo/bar for $TEST22 account. Do this on ClientA and ClientC. clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$TEST22") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$TEST22") sendA("SUB foo bar 11\r\nPING\r\n") expectA(pongRe) clientC := createClientConn(t, optsC.Host, optsC.Port) defer clientC.Close() - sendC, expectC := setupConnWithAccount(t, clientC, "$TEST22") + sendC, expectC := setupConnWithAccount(t, srvC, clientC, "$TEST22") sendC("SUB foo bar 33\r\nPING\r\n") expectC(pongRe) @@ -990,7 +982,7 @@ func TestNewRouteSinglePublishToMultipleQueueSubscriberOnNewAccount(t *testing.T time.Sleep(100 * time.Millisecond) // Send a message, flush to make sure server processed and close connection. - sendB, expectB := setupConnWithAccount(t, clientB, "$TEST22") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$TEST22") sendB("PUB foo 2\r\nok\r\nPING\r\n") expectB(pongRe) defer clientB.Close() @@ -1086,14 +1078,14 @@ func testNewRouteStreamImport(t *testing.T, duplicateSub bool) { clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$foo") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$foo") // Now setup client B on srvB who will do a sub from account $bar // that should map account $foo's foo subject. clientB := createClientConn(t, optsB.Host, optsB.Port) defer clientB.Close() - sendB, expectB := setupConnWithAccount(t, clientB, "$bar") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$bar") sendB("SUB foo 1\r\n") if duplicateSub { sendB("SUB foo 1\r\n") @@ -1183,7 +1175,7 @@ func TestNewRouteStreamImportLargeFanout(t *testing.T) { for i := 0; i < fanout; i++ { clientB[i] = createClientConn(t, optsB.Host, optsB.Port) defer clientB[i].Close() - sendB[i], expectB[i] = setupConnWithAccount(t, clientB[i], barA[i].Name) + sendB[i], expectB[i] = setupConnWithAccount(t, srvB, clientB[i], barA[i].Name) sendB[i]("SUB foo 1\r\nPING\r\n") expectB[i](pongRe) } @@ -1252,7 +1244,7 @@ func TestNewRouteServiceImport(t *testing.T) { clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$foo") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$foo") sendA("SUB test.request 1\r\nPING\r\n") expectA(pongRe) @@ -1261,7 +1253,7 @@ func TestNewRouteServiceImport(t *testing.T) { clientB := createClientConn(t, optsB.Host, optsB.Port) defer clientB.Close() - sendB, expectB := setupConnWithAccount(t, clientB, "$bar") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$bar") sendB("SUB reply 1\r\nPING\r\n") expectB(pongRe) @@ -1353,7 +1345,7 @@ func TestNewRouteServiceExportWithWildcards(t *testing.T) { clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$foo") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$foo") sendA("SUB ngs.update.* 1\r\nPING\r\n") expectA(pongRe) @@ -1362,7 +1354,7 @@ func TestNewRouteServiceExportWithWildcards(t *testing.T) { clientB := createClientConn(t, optsB.Host, optsB.Port) defer clientB.Close() - sendB, expectB := setupConnWithAccount(t, clientB, "$bar") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$bar") sendB("SUB reply 1\r\nPING\r\n") expectB(pongRe) @@ -1433,7 +1425,7 @@ func TestNewRouteServiceImportQueueGroups(t *testing.T) { clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$foo") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$foo") sendA("SUB test.request QGROUP 1\r\nPING\r\n") expectA(pongRe) @@ -1442,7 +1434,7 @@ func TestNewRouteServiceImportQueueGroups(t *testing.T) { clientB := createClientConn(t, optsB.Host, optsB.Port) defer clientB.Close() - sendB, expectB := setupConnWithAccount(t, clientB, "$bar") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$bar") sendB("SUB reply QGROUP_TOO 1\r\nPING\r\n") expectB(pongRe) @@ -1512,7 +1504,7 @@ func TestNewRouteServiceImportDanglingRemoteSubs(t *testing.T) { clientA := createClientConn(t, optsA.Host, optsA.Port) defer clientA.Close() - sendA, expectA := setupConnWithAccount(t, clientA, "$foo") + sendA, expectA := setupConnWithAccount(t, srvA, clientA, "$foo") // Express interest. sendA("SUB test.request 1\r\nPING\r\n") expectA(pongRe) @@ -1522,7 +1514,7 @@ func TestNewRouteServiceImportDanglingRemoteSubs(t *testing.T) { clientB := createClientConn(t, optsB.Host, optsB.Port) defer clientB.Close() - sendB, expectB := setupConnWithAccount(t, clientB, "$bar") + sendB, expectB := setupConnWithAccount(t, srvB, clientB, "$bar") sendB("SUB reply 1\r\nPING\r\n") expectB(pongRe) diff --git a/test/operator_test.go b/test/operator_test.go index 690ec397182..c094e41e622 100644 --- a/test/operator_test.go +++ b/test/operator_test.go @@ -81,7 +81,6 @@ func TestOperatorRestrictions(t *testing.T) { opts.Accounts = nil opts.Users = nil opts.Nkeys = nil - opts.AllowNewAccounts = false } wipeOpts() @@ -100,12 +99,7 @@ func TestOperatorRestrictions(t *testing.T) { t.Fatalf("Expected an error with Nkey Users defined") } wipeOpts() - opts.AllowNewAccounts = true - if _, err := server.NewServer(opts); err == nil { - t.Fatalf("Expected an error with AllowNewAccounts set to true") - } - wipeOpts() opts.AccountResolver = nil if _, err := server.NewServer(opts); err == nil { t.Fatalf("Expected an error without an AccountResolver defined") @@ -614,7 +608,7 @@ func TestConnsRequestDoesNotLoadAccountCheckingConnLimits(t *testing.T) { sysJWT, sysKP := createAccountForConfig(t) sysPub, _ := sysKP.PublicKey() - // Do this account by nad to add in connection limits + // Do this account by hand to add in connection limits okp, _ := nkeys.FromSeed(oSeed) accKP, _ := nkeys.CreateAccount() accPub, _ := accKP.PublicKey() diff --git a/test/test.go b/test/test.go index b27a66058c1..1534cf325d0 100644 --- a/test/test.go +++ b/test/test.go @@ -278,11 +278,27 @@ func setupConnWithProto(t tLogger, c net.Conn, proto int) (sendFun, expectFun) { return sendCommand(t, c), expectCommand(t, c) } -func setupConnWithAccount(t tLogger, c net.Conn, account string) (sendFun, expectFun) { - checkInfoMsg(t, c) - cs := fmt.Sprintf("CONNECT {\"verbose\":%v,\"pedantic\":%v,\"tls_required\":%v,\"account\":%q}\r\n", false, false, false, account) +func setupConnWithAccount(t tLogger, s *server.Server, c net.Conn, account string) (sendFun, expectFun) { + info := checkInfoMsg(t, c) + s.RegisterAccount(account) + acc, err := s.LookupAccount(account) + if err != nil { + t.Fatalf("Unexpected Error: %v", err) + } + cs := fmt.Sprintf("CONNECT {\"verbose\":%v,\"pedantic\":%v,\"tls_required\":%v}\r\n", false, false, false) sendProto(t, c, cs) - return sendCommand(t, c), expectCommand(t, c) + + send, expect := sendCommand(t, c), expectCommand(t, c) + send("PING\r\n") + expect(pongRe) + + nc := s.GetClient(info.CID) + if nc == nil { + t.Fatalf("Could not get client for CID:%d", info.CID) + } + nc.RegisterUser(&server.User{Account: acc}) + + return send, expect } func setupConnWithUserPass(t tLogger, c net.Conn, username, password string) (sendFun, expectFun) {