use super::*;
#[test]
fn access_keys_resolve_and_record_last_used() {
let mut store = AuthStore::new();
store.create_local_user("alice");
store
.put_access_key(AccessKey::active("alice", "AKIAALICE", "secret"))
.expect("key");
let resolved = store.resolve_credential("AKIAALICE", 10).expect("resolve");
store.mark_used("AKIAALICE", 10).expect("mark used");
assert_eq!(resolved.principal_id, "alice");
assert_eq!(
store
.credential("AKIAALICE")
.and_then(CredentialRecord::last_used_epoch_seconds),
Some(10)
);
}
#[test]
fn expired_and_revoked_credentials_are_rejected() {
let mut store = AuthStore::new();
store.create_local_user("alice");
store
.put_access_key(AccessKey::active("alice", "AKIAALICE", "secret").with_expiry(9))
.expect("key");
assert!(matches!(
store.resolve_credential("AKIAALICE", 10),
Err(AuthError::ExpiredCredential(_))
));
let mut store = AuthStore::new();
store.create_local_user("alice");
store
.put_access_key(AccessKey::active("alice", "AKIAALICE", "secret"))
.expect("key");
store.revoke_credential("AKIAALICE", 10).expect("revoke");
assert!(matches!(
store.resolve_credential("AKIAALICE", 10),
Err(AuthError::DisabledAccessKey(_) | AuthError::RevokedCredential(_))
));
}