Bad diagnostic for adding user without using signing-key when operator is strict_signing_key_usage - Githubissues

nats-io / nsc

Tool for creating nkey/jwt based configurations

Apache License 2.0

101 stars 44 forks source link

Bad diagnostic for adding user without using signing-key when operator is strict_signing_key_usage #628

Closed philpennock closed 5 months ago

philpennock commented 11 months ago

What version were you using?

nsc 2.8.4.

What environment was the server running in?

Linux/amd64 (Ubuntu 20.04 LTS)

Is this defect reproducible?

Yes.

Have an operator with the strict_signing_key_usage set to true. Optionally, forget that this is the case.
Create a new account.
Try to create a user in the account.
See an error about "any of the following" with nothing following

Given the capability you are leveraging, describe your expectation?

A diagnostic which points me in the right direction, along the lines of:

error: operator 'foobar' has strict_signing_key_usage set, refusing to add user to account 'baz' without an account signing key

Given the expectation, what is the defect you are observing?

$ nsc add user --name pt-second-pdp-2023-12-06
Error: unable to resolve any of the following signing keys in the keystore:
[error code 1] $