nats-io / nats-server

High-Performance server for NATS.io, the cloud and edge native messaging system.
https://nats.io
Apache License 2.0

Unable to add multiple trusted operators using a config file #5810

Open protochron opened 3 weeks ago

protochron commented 3 weeks ago

Observed behavior

It looks like parsing the operators field in a config file is broken since it's trying to interpret the line as an []interface instead of []string.

This patch, mostly ripped off from the implementation of the server_tags case, shows a fix illustrating that the parser is misidentifying the type of the line:

index ac398823..414d2312 100644
--- a/server/opts.go
+++ b/server/opts.go
@@ -1195,6 +1195,22 @@ func (o *Options) processConfigFileLine(k string, v any, errors *[]error, warnin
            opFiles = append(opFiles, v)
        case []string:
            opFiles = append(opFiles, v...)
+       case []any:
+           for _, t := range v {
+               if token, ok := t.(token); ok {
+                   if ts, ok := token.Value().(string); ok {
+                       opFiles = append(opFiles, ts)
+                       continue
+                   } else {
+                       err := &configErr{tk, fmt.Sprintf("error parsing tags: unsupported type %T where string is expected", token)}
+                       *errors = append(*errors, err)
+                   }
+               } else {
+                   err := &configErr{tk, fmt.Sprintf("error parsing tags: unsupported type %T", t)}
+                   *errors = append(*errors, err)
+               }
+               break
+           }
        default:
            err := &configErr{tk, fmt.Sprintf("error parsing operators: unsupported type %T", v)}
            *errors = append(*errors, err)```
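
Review bot: In the new `case []any` branch, both `configErr` messages say "error parsing tags", carried over from the `server_tags` case; they should read "error parsing operators" like the `default` arm below, otherwise a bad entry in the trusted operator list is reported against the wrong field. The first message also passes `token` to `%T`, which prints the wrapper type rather than the type of the offending value; `token.Value()` would be more useful there. The `break` at the end of the loop body stops at the first bad element, so later invalid entries go unreported while `opFiles` keeps whatever was appended before it; either keep iterating to collect every error or add a comment that stopping early is intended. The local `token` in `if token, ok := t.(token); ok` shadows the `token` type inside that block, so a different name would read more clearly.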

Running nats-server v2.10.18 with multiple operator JWTs defined as an array then works.

Expected behavior

The parser should correctly identify `operators: ["$jwt", "$jwt2"]` as a valid configuration option so that you can add multiple trusted operators if needed.

Server and client version

nats-server: v2.10.18

Host environment

No response

Steps to reproduce

No response

derekcollison commented 3 weeks ago

Can you share an actual config file that is not working for you?

protochron commented 3 weeks ago

@derekcollison here's a minimal reproducible example using two operator JWTs

server_tags = ["test:value"]

operators: [
eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJFTUtZM1RDV01QSVRNTEpTUUtJT0dSNlk2TkRIU1BORkdDQk9NVTRFUU9PRkFMWTY1SE9RIiwiaWF0IjoxNzI0MzM1MDYxLCJpc3MiOiJPQVlOWUxBNzVVRkFEU0I2RjZLRVBOTTRNNURDTVBFSEdYTkZXU0xQR0hLRlU2RUNDSjZXUENJWiIsIm5hbWUiOiJ0ZXN0Iiwic3ViIjoiT0FZTllMQTc1VUZBRFNCNkY2S0VQTk00TTVEQ01QRUhHWE5GV1NMUEdIS0ZVNkVDQ0o2V1BDSVoiLCJuYXRzIjp7InNpZ25pbmdfa2V5cyI6WyJPQjJYNlhDU0tJRlhWSE4yVVlTSVVHRkRaSUpKWUQ3RktLSjJPNkpaNFVJWTZCSzNJVU1IR0dMUCJdLCJ0eXBlIjoib3BlcmF0b3IiLCJ2ZXJzaW9uIjoyfX0.oWHz2YMzhXR_Ug9XCVEhZE1iaUFZ1KhFTWbO-CBNpb0N5Kwb1rf6PoutoozSNH_snwOvpUTPmXZ6KSzl4YOIBg, eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJHVEY2RExRVkFMVUJTUU81VFNCNUNWQ1lLV0VQRzZCTzQyV1o1RVNLUlZBUjVZNURCUzVBIiwiaWF0IjoxNzI0MzM1MDY0LCJpc3MiOiJPQUxMWTdYSFFHN09UVE9VQlVKSzdJRFlSUlpJUEhPWkhLNlJIT0RKVUZTQkFDSTRUNldYVkNITCIsIm5hbWUiOiJ0ZXN0MiIsInN1YiI6Ik9BTExZN1hIUUc3T1RUT1VCVUpLN0lEWVJSWklQSE9aSEs2UkhPREpVRlNCQUNJNFQ2V1hWQ0hMIiwibmF0cyI6eyJzaWduaW5nX2tleXMiOlsiT0FUSFFIM0JQVkpPN0hHSFo1VUFPQUUzNUdaMlpDNVRRVEJGRENGVTJZRTQ2NDVOR1lZRk82RVkiXSwidHlwZSI6Im9wZXJhdG9yIiwidmVyc2lvbiI6Mn19.-1X9SSTeXZB3X-0J20f-lXPa0ftIToCtXDij-1L_4uSxCtP9nF2HxiLjm0-kg5b4RexkTKnmImjybZ-lVgWCBw
]

If you start the server with that config, you get an error along the lines of:

nats-server -js -c config.cfg
nats-server: resolver.conf:2:1: error parsing operators: unsupported type []interface {}

Reading the code in the parser, the intent is that the above should be interpreted as a []string, but that doesn't seem to work. I could be missing something, since it doesn't seem like there is another way of adding additional trusted operators to a NATS server, which isn't blocking me but is confusing if that's intended to be supported.
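
The type mismatch behind the `unsupported type []interface {}` error above, as an added Go example that is not nats-server code and not the patch from this issue: a list decoded generically arrives as `[]any`, which a `case []string` arm never matches, so each element has to be unwrapped and checked. The names `tok` and `operatorEntries` and the sample values are hypothetical, and rejecting the whole list when one element is bad is this example's own choice.

```go
package main

import (
	"fmt"
	"strings"
)

// tok is a constructed stand-in for a parser token that wraps a decoded value.
type tok struct{ v any }

func (t tok) Value() any { return t.v }

// operatorEntries normalizes a decoded `operators` value into a string list.
// It fails closed: one bad element rejects the whole trust list.
func operatorEntries(v any) ([]string, error) {
	switch x := v.(type) {
	case string:
		return []string{x}, nil
	case []string:
		return x, nil
	case []any: // generic decoding of [a, b]; this never matches []string
		out := make([]string, 0, len(x))
		var bad []string
		for i, e := range x {
			if w, ok := e.(interface{ Value() any }); ok {
				e = w.Value() // unwrap a token to the value it carries
			}
			s, ok := e.(string)
			if !ok {
				bad = append(bad, fmt.Sprintf("operators[%d]: unsupported type %T where string is expected", i, e))
				continue
			}
			out = append(out, s)
		}
		if len(bad) > 0 {
			return nil, fmt.Errorf("%s", strings.Join(bad, "; "))
		}
		return out, nil
	default:
		return nil, fmt.Errorf("operators: unsupported type %T", v)
	}
}

func main() {
	var v any = []any{tok{"OPERATOR_JWT_1"}, "OPERATOR_JWT_2"} // constructed sample
	_, isStrings := v.([]string)
	fmt.Println("matches []string:", isStrings)
	fmt.Println(operatorEntries(v))
}
```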

derekcollison commented 3 weeks ago

ok thanks. If you put "" around the jwts does it work?

protochron commented 3 weeks ago

Unfortunately no. That was the first thing I tried :D