nats-io / nsc

74%

main: 74%

LAST BUILD ON BRANCH fix-719

branch: fix-719

CHANGE BRANCH

x

Reset

• fix-719
• 0.0.2
• 0.0.3
• 0.1.0
• 0.1.1
• 0.1.10
• 0.1.2
• 0.1.3
• 0.1.4
• 0.1.5
• 0.1.6
• 0.1.7
• 0.1.8
• 0.1.9
• 0.2.0
• 0.2.1
• 0.2.10
• 0.2.12
• 0.2.2
• 0.2.4
• 0.2.6
• 0.3.0
• 0.3.10
• 0.3.12
• 0.3.14
• 0.3.16
• 0.3.2
• 0.3.4
• 0.3.6
• 0.3.8
• 0.4.0
• 652-tests
• DisallowBearerToken
• FIX-56
• JMS-FixTieredLimitsValidation
• abbrev-dir
• abbrev-import-accountsubjects
• activation-import-account
• activation_hash
• add-issue-forms
• add-operator-name-via-url
• add_dependabot
• alexbozhenko-patch-1
• all-dirs
• allow-non-prefix-streams
• allow-response-desc
• allowed-account-wildcard
• authcallout
• auto-creds
• bearer-token
• brew-as-artifact
• bruth-patch-1
• bump-deps
• bump-go
• bump-jwt
• bump_nats_cve_2025_04
• bumps
• check-mixed-keyring
• ci
• ci-upload-artifact
• cleanup-tests
• cli-ctx
• cli-isolation
• cliprompts-v2
• cluster-traffic
• conns
• copyright-fmt
• coverage
• create_fix
• cwd-awareness
• default-help
• delete-accounts
• delete-user
• dependabot/github_actions/actions/checkout-5
• dependabot/github_actions/actions/checkout-6
• dependabot/github_actions/actions/create-github-app-token-2
• dependabot/github_actions/actions/upload-artifact-5
• dependabot/go_modules/github.com/briandowns/spinner-1.23.2
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.10.2
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.10.25
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.10.4
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.2
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.3
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.4
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.5
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.6
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.7
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.8
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.9
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.12.1
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.7.4
• dependabot/go_modules/github.com/nats-io/nats-server/v2-2.9.23
• dependabot/go_modules/github.com/nats-io/nats.go-1.39.0
• dependabot/go_modules/github.com/nats-io/nats.go-1.39.1
• dependabot/go_modules/github.com/nats-io/nats.go-1.41.0
• dependabot/go_modules/github.com/nats-io/nats.go-1.41.1
• dependabot/go_modules/github.com/nats-io/nats.go-1.41.2
• dependabot/go_modules/github.com/nats-io/nats.go-1.42.0
• dependabot/go_modules/github.com/nats-io/nats.go-1.43.0
• dependabot/go_modules/github.com/nats-io/nats.go-1.44.0
• dependabot/go_modules/github.com/nats-io/nats.go-1.45.0
• dependabot/go_modules/github.com/nats-io/nats.go-1.46.1
• dependabot/go_modules/github.com/nats-io/nats.go-1.47.0
• dependabot/go_modules/github.com/nats-io/nkeys-0.4.10
• dependabot/go_modules/github.com/nats-io/nkeys-0.4.12
• dependabot/go_modules/github.com/nats-io/nkeys-0.4.6
• dependabot/go_modules/github.com/spf13/cobra-1.9.1
• dependabot/go_modules/github.com/spf13/pflag-1.0.6
• dependabot/go_modules/github.com/spf13/pflag-1.0.7
• dependabot/go_modules/github.com/stretchr/testify-1.11.0
• dependabot/go_modules/github.com/stretchr/testify-1.11.1
• dependabot/go_modules/github.com/ulikunitz/xz-0.5.14
• dependabot/go_modules/golang.org/x/crypto-0.17.0
• dependabot/go_modules/golang.org/x/crypto-0.45.0
• dependabot/go_modules/golang.org/x/net-0.17.0
• dependabot/go_modules/golang.org/x/net-0.38.0
• dependabot/go_modules/golang.org/x/net-0.7.0
• dependabot/go_modules/golang.org/x/text-0.22.0
• dependabot/go_modules/golang.org/x/text-0.24.0
• dependabot/go_modules/golang.org/x/text-0.25.0
• dependabot/go_modules/golang.org/x/text-0.26.0
• dependabot/go_modules/golang.org/x/text-0.27.0
• dependabot/go_modules/golang.org/x/text-0.28.0
• dependabot/go_modules/golang.org/x/text-0.30.0
• dependencies
• deps
• describe-decorations
• describe-max-ack-pending
• describe-raw
• describe-tiers
• disable-cgo
• disable-version-local-version-check
• docs
• edit-export
• edit-operator-signingkey
• edit-user-payload
• empty-key
• env-operator
• exorcise-jsm
• expirations
• export
• export-import-fixes
• expose-generate-profile
• fix-103
• fix-118
• fix-128
• fix-133
• fix-146
• fix-163
• fix-180
• fix-182
• fix-190
• fix-200
• fix-205
• fix-210
• fix-218
• fix-222
• fix-225
• fix-236
• fix-38
• fix-398
• fix-40
• fix-428
• fix-46
• fix-47
• fix-491
• fix-492
• fix-498
• fix-504
• fix-505
• fix-508
• fix-510
• fix-513
• fix-521
• fix-559
• fix-563
• fix-569
• fix-571
• fix-578
• fix-585
• fix-62
• fix-628
• fix-631
• fix-633
• fix-635
• fix-639
• fix-647
• fix-652
• fix-657
• fix-660
• fix-684
• fix-687
• fix-69-68
• fix-746
• fix-775
• fix-79
• fix-86
• fix-88
• fix-95
• fix-account-payload-edit-message
• fix-conn-type
• fix-creds-migration
• fix-crypto-cve
• fix-data-dir-conf
• fix-disconnect-close-messages
• fix-env
• fix-expiration
• fix-generate-resolver
• fix-goreleaser-brew-versions
• fix-issue-config-discussions-link
• fix-linter
• fix-listing
• fix-readaccount
• fix-reissue-operator
• fix-sk-conn-type
• fixes
• flag-val
• fmt
• friendly-names
• friendly-names-import
• generate_docs
• go_nats_18
• gomod
• goreleaser
• goreleaser-change
• handle-account-cluster-flags
• help
• help-text
• homebrew-goreleaser
• import-changes
• import-export-keys
• import-keys
• import-operator-url
• improve-error-reports
• init-changes
• init-cmd
• init-messages
• initialtime
• install-fixes
• jwt-bump
• jwt-update
• jwt2
• key-info
• key-selection
• keyring
• latency-metrics-changes
• list-describe-operator
• list-flag
• list-keys
• load-profile
• local-remote
• main
• master
• max-responses
• mem-resolver-config
• mem-resolver-inline
• migrate-deploy
• mod_update
• more-cover
• multi-resolve
• nkey-config
• nkey-gen
• no-bare-args
• normalize-delete-imports-exports
• normalize-signer-key
• normalize-status
• normalize-synadia-operator
• nsc-init-msg
• nsc-load-cmd
• nsc-load-natscontext
• nsc-vcsinfo
• nsc_package
• operator-deploy
• operator-limits
• operator-name-resolve
• operator-service-urls
• operators
• pdp/2.7-backport-releng-fixes
• pdp/27-backport-jwtv1-fix
• pdp/bump-dependencies
• pdp/ceo-wants-sh
• pdp/fix-generate-creds-usage
• pdp/genprof-fixoperator
• pdp/gha
• pdp/goreleaser-update
• pdp/nsc-deeper-v2
• pdp/nsc-version-v2
• pdp/nuke-jwt-v1
• pdp/release-tools-treadwater
• pdp/staticcheck-202211
• pdp/yaml-engineering
• pull
• pull-safety
• push-activation
• push-message
• quieteditaccount
• quietmode
• random-operator-name
• readme-updates
• reissue-accounts
• reissue-key
• rel-2.7
• relax-expirations
• relax-semserver-parse
• release/v2.7.0
• release/v2.7.6
• remove-account-restriction
• remove-shortcodes
• remove-vendored-deps
• reqsub-tool-encrypt
• resp-perm-defaults
• response-perms
• response-type
• retract-tags
• reverse-op-lookup
• revert-668
• revocation
• role-description
• rtt
• sasbury
• sasbury_misc
• sattwood/homebrew-config
• select
• self-sign-migrate
• self-update
• short-codes
• show-server-messages
• signerparam-validation
• signing-key-req
• star_in_init
• status-messages
• stdout
• stream-limits
• sync-cmd
• sys-account
• tags
• test-512
• test-546
• test-out
• test-output
• tls-first
• tmp-jaime
• tools
• tracing
• unbreak-release-signing
• undo-autodoc
• update-cliprompts
• update-deps
• update-deps-md
• update-jwt
• update-nats
• v0.0.4
• v0.0.5
• v0.0.8
• v1.0.8
• wallyqs-patch-1
• wide_fix
• windows
• windows-tests
• ws-resolver
• xkey

Build # 14134387610

Build Type

Pull #725

github

Committed by aricart

Commit Message

Add stricter validation for signing keys in push/pull commands

[CHANGE] for accounts that have operators with strict signing keys, if the account only uses scoped signing key - the command will require the system user to be specified, previously it selected the first key, which may or not have the correct permissions.

This update adds comprehensive tests and improved validation logic to handle signing keys when pushing or pulling configurations. The changes ensure proper differentiation between scoped and non-scoped keys and provide clearer error messages when required keys are missing or improperly configured.

Signed-off-by: Alberto Ricart <alberto@synadia.com>

Pull Request Pull Request #725: Add stricter validation for signing keys in push/pull commands

Run Details

15 of 17 new or added lines in 1 file covered. (88.24%)

13059 of 17612 relevant lines covered (74.15%)

1.76 hits per line