If the store directory is not set correctly, nsc env -o <operators> silently fails. An error like "No operator found in directory <dir> would be helpful.

If an account key specified but the prompts are canceled, key verification results in a panic.

fails with message "account with public key is not in the store"
User must be added with the account key first, and then edited with the signing key for the error to happen.

edit account started asking for an operator key to sign the change in an ngs project

This should be enough, if no .nsc file should still work.

This may have been fixed in more recent version. For tracking purposes.

IvanMBP:ngs ivan$ ngs --version
ngs version 0.2.3

Signed up with free account, then:

IvanMBP:ngs ivan$ ngs list operators
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x130bc25]

goroutine 1 [running]:
github.com/nats-io/jwt.(*GenericClaims).Claims(0x0, 0xc0001a2080)
    /home/travis/gopath/pkg/mod/github.com/nats-io/[email protected]/genericlaims.go:33 +0x5
github.com/nats-io/nsc/cmd.listEntities(0x169e4b0, 0x9, 0xc00009a778, 0x1, 0x1, 0xc000098fd6, 0x7, 0x1, 0xc0001a2000)
    /home/travis/gopath/pkg/mod/github.com/nats-io/[email protected]/cmd/listoperators.go:177 +0x529
github.com/nats-io/nsc/cmd.createListOperatorsCmd.func1(0xc00017e280, 0x1bb6400, 0x0, 0x0, 0x0, 0x0)
    /home/travis/gopath/pkg/mod/github.com/nats-io/[email protected]/cmd/listoperators.go:69 +0x2ae
github.com/spf13/cobra.(*Command).execute(0xc00017e280, 0x1bb6400, 0x0, 0x0, 0xc00017e280, 0x1bb6400)
    /home/travis/gopath/pkg/mod/github.com/spf13/[email protected]/command.go:762 +0x473
github.com/spf13/cobra.(*Command).ExecuteC(0x1b8e9e0, 0xc00009a010, 0x1743340, 0xc00009a010)
    /home/travis/gopath/pkg/mod/github.com/spf13/[email protected]/command.go:852 +0x2fd
github.com/spf13/cobra.(*Command).Execute(0x1b8e9e0, 0x1743340, 0xc00009a010)
    /home/travis/gopath/pkg/mod/github.com/spf13/[email protected]/command.go:800 +0x2b
main.main()
    /home/travis/gopath/src/github.com/ConnectEverything/ngs/ngs/main.go:55 +0x276

-----BEGIN SYNADIA OPERATOR JWT-----
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJhdWQiOiJOR1MiLCJleHAiOjE1NzUyOTQ2NzMsImp0aSI6IkNGRkFBSFNJR0dHUjNSRFVRUjNRVDI2QjRRV002S0JNTElFUFRUM1pGSE9PR0Y3REM0S0EiLCJpYXQiOjE1NDM3NTg2NzMsImlzcyI6Ik9ETEMyMk5JUVE1VTRKNlpEVFZPRktURVg0Rjc3RTdUVk0yUkhXU0c3TjI2NllPVktUUkk0RVdYIiwibmFtZSI6IlN5bmFkaWEgQ29tbXVuaWNhdGlvbnMgSW5jLiIsIm5iZiI6MTU0Mzc1ODY3Mywic3ViIjoiT0RMQzIyTklRUTVVNEo2WkRUVk9GS1RFWDRGNzdFN1RWTTJSSFdTRzdOMjY2WU9WS1RSSTRFV1giLCJ0eXBlIjoib3BlcmF0b3IiLCJuYXRzIjp7InNpZ25pbmdfa2V5cyI6WyJPRFNLQVlVNUpSTVhMRlhGSlU3WTczUE5OMjJaVFhDVlRWQTI2VlZMVkgyQ05NNlFWMlZCSk1JTyIsIk9EU0tCTkRJVDNMVFpXRlNSQVdPQlhTQlo3VlpDRFFWVTZUQkpYM1RRR1lYVVdSVTQ2QU5KSlM0IiwiT0RTS0NOSTVNTFNXTlBTNEdJQ0pHMktISk9DTEhaV1BPQlROVUIyNDVBTkNPQlg3VklRNk1BWkQiXX19.D7vumb116GzwFmTpiTlTVogYxnbfTWhW-luLF6Zjame-Tk86JK9HhXutqzdbmOEkQG3SUqzKJBH840r3GIBmBA
------END SYNADIA OPERATOR JWT------

I find some commands want -n for name and some want -u for user, but both mean same thing. Be good to be consistent.

This should be nsc generate creds to be consistent.

Might be helpful.

func LoadStore(dir string) (*Store, error) {
sf := filepath.Join(dir, NSCFile)
if _, err := os.Stat(sf); os.IsNotExist(err) {
return nil, fmt.Errorf("%q is not a valid configuration directory", sf)
}

should be dir instead of sf in the error

Can run nsc describe -f user.creds for the creds file to show what is in a users credentials file.

If an operator has signing keys, and the tool can find all the seeds for the master and the signing keys, allow the user to select which key to use to sign the account jwt.

This should work IMO

> nsc list users -a demo
Error: unknown shorthand flag: 'a' in -a
Usage:
  nsc list users [flags]

Flags:
  -h, --help   help for users

Global Flags:
  -i, --interactive          ask questions for various settings
  -W, --long-ids             display long ids
  -K, --private-key string   private key

When generating one it prints it out by default, but when adding one does not give an option to add it directly as input, only takes file or url. Should be able to avoid writing to a file for import and take the value of encoded JWT directly.

nsc describe -f <operator.jwt> seems to work.

But simple nsc describe operator fails
Error: error reading root: illegal base64 data at input byte 22

logging: {
Time: true
Debug: true
Trace: true
Colors: true
PID: true
}

this goes in the service config at the same level as the operator key

set default operator limits to:

empty for managed accounts
infinity for non-managed account

tool just copies export subject which is incorrect. Needs to take subject from command line or interactive mode and make sure its a strict subset or direct literal match.

This is blocking me.

It asks for account even though default set.
At least could select default one

~/.nkeys/synadia/accounts/system> nsc env --account system
╭──────────────────────────────────────────╮
│             NSC Environment              │
├──────────────────┬─────┬─────────────────┤
│ Setting          │ Set │ Effective Value │
├──────────────────┼─────┼─────────────────┤
│ $NKEYS_PATH      │ No  │ ~/.nkeys        │
│ $NSC_HOME        │ No  │ ~/.nsc          │
│ Config           │     │ ~/.nsc/nsc.json │
├──────────────────┼─────┼─────────────────┤
│ Stores Dir       │     │ ~/.nsc/nats     │
│ Default Operator │     │ synadia         │
│ Default Account  │     │ system          │
│ Default Cluster  │     │                 │
╰──────────────────┴─────┴─────────────────╯

~/.nkeys/synadia/accounts/system> nsc list users
╭────────────────────────────────────────────────────────────────────────╮
│                                 Users                                  │
├─────────────┬──────────────────────────────────────────────────────────┤
│ Name        │ Public Key                                               │
├─────────────┼──────────────────────────────────────────────────────────┤
│ ngs_server  │ UCJX2PK7F3DXAYSBMGOCECSRZFIV7EVN6VCEG7KYP4FLVTRVGLCMXSKF │
│ test_system │ UBW3GQ3AGWDSYSTFQT4PYJPZF2JVQRXSSPWPMO2AZ23Z2WU2CH3SUY6I │
╰─────────────┴──────────────────────────────────────────────────────────╯

~/.nkeys/synadia/accounts/system> nsc add user -i
? user name ping_user
? generate an user nkey Yes
? select account  [Use arrows to move, type to filter]
> demos
  synadia
  system```

nsc env --account synadia_account [0]
╭───────────────────────────────────────────────────╮
│ NSC Environment │
├──────────────────┬─────┬──────────────────────────┤
│ Setting │ Set │ Effective Value │
├──────────────────┼─────┼──────────────────────────┤
│ $NKEYS_PATH │ No │ /Users/sasbury/.nkeys │
│ $NSC_HOME │ No │ /Users/sasbury/.nsc │
├──────────────────┼─────┼──────────────────────────┤
│ Stores Dir │ │ /Users/sasbury/.nsc/nats │
│ Default Operator │ │ synadia_operator │
│ Default Account │ │ test_account │
│ Default Cluster │ │ │
╰──────────────────┴─────┴──────────────────────────╯

When importing a token, if the account issuer is set the import must set the src account to IssuerAccount.

nsc is not able to import public imports

now that to means local for stream and remote for service the describe account table is confusing.

We should print local/remote in the header and flip the content for services.

Right now the jwts are not valid against new encoding scheme.

Used -i version and wanted to update max connections but could not.

Interactive mode panics

full flags has asymmetry with source account being a single friendly name and the target account needing to be a path to the nkey. Should be just simple name too.

Pull public key from JWT, don't require nkey entry.

This should work.

Error: accepts at most 0 arg(s), received 1

Should not have to put -u, or -a or -n before last arg.

Recent builds ignore the -K flag and ask you to enter path to the keyfile.

Command line flags should override.

On entering through the prompt, the input does not properly expand ~ and concats to CWD.