Closed kimjarvis closed 1 year ago
See https://github.com/nats-io/nsc/issues/577 - the issue here is your operator at the account level should have been imported to mark it as a managed operator
- when the operator is not managed, the requirement is that issuer keys at the appropriate level are available. Account CRUD require Operator Keys, User CRUD require account keys.
See https://github.com/nats-io/nsc/issues/577 for more information.
nsc add export
attempts to validate the account and operator nkeys in the local keystore, but in the self service deployment model the local keystore does not contain the private key of the account or the operator.In this example we add a public stream on the client as described here Adding a Public Stream Export. Similar errors occur when adding a private stream and when exporting both public and private services from the account.
In the self service model, the administrator creates an account for the client to import. The client first import the operator JWT, then the account JWT. In the self service model, the account nkeys are not available in the client's local keystore. The operator and account nkeys are private to to the administrator. The
nsc add export
command should not attempt to validate the account nkey in the local keystore because they may not be present.This ticket is similar to #577.