Using AccountResolver url from operator jwt.

If resolver is specified separately, it takes precedence. nsc push automatically adds /accounts. That's why its added here too. Operator jwt reload is not supported and is not taken into account. On startup the AccountResolver url is checked and exits if it can't be reached. Signed-off-by: Matthias Hanel <mh@synadia.com>
2026-04-17 03:24:40 -07:00 · 2020-03-30 11:49:19 -04:00
parent b46a011c87
commit 8a75418386
1 changed files with 14 additions and 0 deletions
--- a/server/opts.go
+++ b/server/opts.go
@@ -697,7 +697,21 @@ func (o *Options) processConfigFileLine(k string, v interface{}, errors *[]error
 			}
 			o.TrustedOperators = append(o.TrustedOperators, opc)
 		}
+		// In case "resolver" is defined as well, it takes precedence
+		if o.AccountResolver == nil && len(o.TrustedOperators) == 1 {
+			if accUrl, err := parseURL(o.TrustedOperators[0].AccountServerURL, "account resolver"); err == nil {
+				// accommodate nsc which appends "/accounts" during nsc push
+				suffix := ""
+				if accUrl.Path == "/jwt/v1/" || accUrl.Path == "/jwt/v1" {
+					suffix = "/accounts"
+				}
+				o.AccountResolver, _ = NewURLAccResolver(accUrl.String() + suffix)
+			}
+		}
 	case "resolver", "account_resolver", "accounts_resolver":
+		// "resolver" takes precedence over value obtained from "operator".
+		// Clear so that parsing errors are not silently ignored.
+		o.AccountResolver = nil
 		var memResolverRe = regexp.MustCompile(`(MEM|MEMORY|mem|memory)\s*`)
 		var resolverRe = regexp.MustCompile(`(?:URL|url){1}(?:\({1}\s*"?([^\s"]*)"?\s*\){1})?\s*`)
 		str, ok := v.(string)