Looking up system_account from operator jwt

Signed-off-by: Matthias Hanel <mh@synadia.com>

server/opts.go

@@ -705,15 +705,17 @@ func (o *Options) processConfigFileLine(k string, v interface{}, errors *[]error
 			}
 			o.TrustedOperators = append(o.TrustedOperators, opc)
 		}
-		// In case "resolver" is defined as well, it takes precedence
-		if o.AccountResolver == nil && len(o.TrustedOperators) == 1 {
-			if accUrl, err := parseURL(o.TrustedOperators[0].AccountServerURL, "account resolver"); err == nil {
-				// accommodate nsc which appends "/accounts" during nsc push
-				suffix := ""
-				if accUrl.Path == "/jwt/v1/" || accUrl.Path == "/jwt/v1" {
-					suffix = "/accounts"
+		if len(o.TrustedOperators) == 1 {
+			// In case "resolver" is defined as well, it takes precedence
+			if o.AccountResolver == nil {
+				if accUrl, err := parseURL(o.TrustedOperators[0].AccountServerURL, "account resolver"); err == nil {
+					// nsc automatically appends "/accounts" during nsc push
+					o.AccountResolver, _ = NewURLAccResolver(accUrl.String() + "/accounts")
 				}
-				o.AccountResolver, _ = NewURLAccResolver(accUrl.String() + suffix)
+			}
+			// In case "system_account" is defined as well, it takes precedence
+			if o.SystemAccount == "" {
+				o.SystemAccount = o.TrustedOperators[0].SystemAccount
 			}
 		}
 	case "resolver", "account_resolver", "accounts_resolver":

server/opts_test.go

@@ -2592,3 +2592,23 @@ func TestNoAuthUserCode(t *testing.T) {
 	}
 
 }
+
+func TestReadOperatorJWT(t *testing.T) {
+	confFileName := createConfFile(t, []byte(`
+		listen: "127.0.0.1:-1"
+		operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJJVEdJNjNCUUszM1VNN1pBSzZWT1RXNUZEU01ESlNQU1pRQ0RMNUlLUzZQTVhBU0ROQ01RIiwiaWF0IjoxNTg5ODM5MjA1LCJpc3MiOiJPQ1k2REUyRVRTTjNVT0RGVFlFWEJaTFFMSTdYNEdTWFI1NE5aQzRCQkxJNlFDVFpVVDY1T0lWTiIsIm5hbWUiOiJPUCIsInN1YiI6Ik9DWTZERTJFVFNOM1VPREZUWUVYQlpMUUxJN1g0R1NYUjU0TlpDNEJCTEk2UUNUWlVUNjVPSVZOIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6eyJhY2NvdW50X3NlcnZlcl91cmwiOiJodHRwOi8vbG9jYWxob3N0OjgwMDAvand0L3YxIiwib3BlcmF0b3Jfc2VydmljZV91cmxzIjpbIm5hdHM6Ly9sb2NhbGhvc3Q6NDIyMiJdLCJzeXN0ZW1fYWNjb3VudCI6IkFEWjU0N0IyNFdIUExXT0s3VE1MTkJTQTdGUUZYUjZVTTJOWjRISE5JQjdSREZWWlFGT1o0R1FRIn19.3u710KqMLwgXwsMvhxfEp9xzK84XyAZ-4dd6QY0T6hGj8Bw9mS-HcQ7HbvDDNU01S61tNFfpma_JR6LtB3ixBg
+	`))
+	defer os.Remove(confFileName)
+	opts, err := ProcessConfigFile(confFileName)
+	if err != nil {
+		t.Fatalf("Received unexpected error %s", err)
+	}
+	if opts.SystemAccount != "ADZ547B24WHPLWOK7TMLNBSA7FQFXR6UM2NZ4HHNIB7RDFVZQFOZ4GQQ" {
+		t.Fatalf("Expected different SystemAccount: %s", opts.SystemAccount)
+	}
+	if r, ok := opts.AccountResolver.(*URLAccResolver); !ok {
+		t.Fatalf("Expected different SystemAccount: %s", opts.SystemAccount)
+	} else if r.url != "http://localhost:8000/jwt/v1/accounts/" {
+		t.Fatalf("Expected different SystemAccount: %s", r.url)
+	}
+}