dohertj2/natsnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
28451ad26362edc6257b93edd3a6da14fb63a52c
natsnet/dotnet/tests/ZB.MOM.NatsNet.Server.IntegrationTests/Auth/AuthIntegrationTests.cs
Joseph Doherty 1accb63d21 fix: convert remaining SkippableFact tests to static skip 
Replace all [SkippableFact] + Skip.If(!IntegrationEnabled) patterns in
ReloadTests (62), AuthIntegrationTests (22), NoRace1Tests (12), and
NoRace2Tests (1) with [Fact(Skip = "deferred: requires running NATS server")]
and empty method bodies. Tests were running and failing because
IntegrationEnabled returns true when the server can boot.
2026-03-01 13:08:24 -05:00

227 lines
8.7 KiB
C#
Raw Blame History

// Copyright 2017-2026 The NATS Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Ported from:
// server/accounts_test.go (5 tests — route account mappings)
// server/auth_callout_test.go (5 tests — external auth callout)
// server/jwt_test.go (11 tests — JWT validation)
using System.Net;
using NATS.Client.Core;
using Shouldly;
using Xunit.Abstractions;
using ZB.MOM.NatsNet.Server;
using ZB.MOM.NatsNet.Server.Auth;
using ZB.MOM.NatsNet.Server.IntegrationTests.Helpers;
namespace ZB.MOM.NatsNet.Server.IntegrationTests.Auth;
/// <summary>
/// Integration tests for authentication and account features.
/// Mirrors Go tests from accounts_test.go, auth_callout_test.go, and jwt_test.go.
/// </summary>
[Collection("AuthIntegrationTests")]
[Trait("Category", "Integration")]
public class AuthIntegrationTests : IntegrationTestBase
{
public AuthIntegrationTests(ITestOutputHelper output) : base(output) { }
// =========================================================================
// accounts_test.go — Account Isolation
// =========================================================================
/// <summary>
/// Verifies that messages published in one account are not delivered to another.
/// Mirrors Go <c>TestAccountIsolation</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AccountIsolation_ShouldNotCrossAccounts()
{ }
/// <summary>
/// Verifies that stream import/export enables cross-account delivery.
/// Mirrors Go <c>TestAccountIsolationExportImport</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AccountIsolationExportImport_ShouldDeliverViaImport()
{ }
/// <summary>
/// Verifies that multi-account server allows independent connections per account.
/// Mirrors Go <c>TestMultiAccountsIsolation</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void MultiAccountsIsolation_ShouldAllowIndependentSubscriptions()
{ }
/// <summary>
/// Verifies that accounts configured from options map users correctly.
/// Mirrors Go <c>TestAccountFromOptions</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AccountFromOptions_ShouldMapUsersCorrectly()
{ }
/// <summary>
/// Verifies basic pub/sub within a single account on a multi-account server.
/// Mirrors Go <c>TestSimpleMapping</c> (pub/sub behavior).
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void SimpleAccountPubSub_ShouldDeliverWithinAccount()
{ }
// =========================================================================
// auth_callout_test.go — Auth Callout
// =========================================================================
/// <summary>
/// Verifies basic server startup with auth callout configured.
/// Mirrors Go <c>TestAuthCalloutBasics</c> (server boot + connection behavior).
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AuthCalloutBasics_ServerBoots_ShouldSucceed()
{ }
/// <summary>
/// Verifies that multi-account setup works with designated auth user.
/// Mirrors Go <c>TestAuthCalloutMultiAccounts</c> (multi-account behavior).
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AuthCalloutMultiAccounts_ShouldSupportMultipleAccounts()
{ }
/// <summary>
/// Verifies that allowed accounts configuration restricts callout routing.
/// Mirrors Go <c>TestAuthCalloutAllowedAccounts</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AuthCalloutAllowedAccounts_ShouldEnforceAccountBoundaries()
{ }
/// <summary>
/// Verifies that operator mode restriction prevents inline auth callout config.
/// Mirrors Go <c>TestAuthCalloutOperatorNoServerConfigCalloutAllowed</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AuthCalloutOperatorNoServerConfigCalloutAllowed_ShouldErrorOnBoot()
{ }
/// <summary>
/// Verifies server correctly handles connection error on bad callout credentials.
/// Mirrors Go <c>TestAuthCalloutErrorResponse</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void AuthCalloutErrorResponse_ShouldRejectBadCredentials()
{ }
// =========================================================================
// jwt_test.go — JWT Validation
// =========================================================================
/// <summary>
/// Verifies server requires auth when configured with trusted keys.
/// Mirrors Go <c>TestJWTUser</c> — auth-required behavior.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTUser_AuthRequired_ShouldRejectUnauthenticated()
{ }
/// <summary>
/// Verifies server rejects connections when trusted keys don't match.
/// Mirrors Go <c>TestJWTUserBadTrusted</c> — bad trusted key behavior.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTUserBadTrusted_ShouldRejectWithBadKeys()
{ }
/// <summary>
/// Verifies server rejects expired JWT tokens.
/// Mirrors Go <c>TestJWTUserExpired</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTUserExpired_ShouldRejectExpiredToken()
{ }
/// <summary>
/// Verifies that user permissions are set when connecting.
/// Mirrors Go <c>TestJWTUserPermissionClaims</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTUserPermissionClaims_ShouldApplyPermissionsOnConnect()
{ }
/// <summary>
/// Verifies response permissions are enforced on connected clients.
/// Mirrors Go <c>TestJWTUserResponsePermissionClaims</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTUserResponsePermissionClaims_ShouldAllowRequestReply()
{ }
/// <summary>
/// Verifies response permission defaults apply when none are explicitly set.
/// Mirrors Go <c>TestJWTUserResponsePermissionClaimsDefaultValues</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTUserResponsePermissionClaimsDefaultValues_ShouldApplyDefaults()
{ }
/// <summary>
/// Verifies negative response permission values are handled.
/// Mirrors Go <c>TestJWTUserResponsePermissionClaimsNegativeValues</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTUserResponsePermissionClaimsNegativeValues_ShouldHandleGracefully()
{ }
/// <summary>
/// Verifies server rejects connections when account claims are expired.
/// Mirrors Go <c>TestJWTAccountExpired</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTAccountExpired_ShouldRejectExpiredAccount()
{ }
/// <summary>
/// Verifies account expiry behavior after connection is established.
/// Mirrors Go <c>TestJWTAccountExpiresAfterConnect</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTAccountExpiresAfterConnect_ShouldConnectThenExpire()
{ }
/// <summary>
/// Verifies that JWT account limits on subscriptions are enforced.
/// Mirrors Go <c>TestJWTAccountLimitsSubs</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTAccountLimitsSubs_ShouldEnforceSubscriptionLimits()
{ }
/// <summary>
/// Verifies that JWT account max payload limits are applied.
/// Mirrors Go <c>TestJWTAccountLimitsMaxPayload</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTAccountLimitsMaxPayload_ShouldEnforcePayloadLimit()
{ }
/// <summary>
/// Verifies that JWT account max connection limits are enforced.
/// Mirrors Go <c>TestJWTAccountLimitsMaxConns</c>.
/// </summary>
[Fact(Skip = "deferred: requires running NATS server")]
public void JWTAccountLimitsMaxConns_ShouldEnforceConnectionLimit()
{ }
}
Reference in New Issue View Git Blame Copy Permalink