feat: account signing keys in account status claims#164
Merged
choufraise merged 3 commits intomainfrom Mar 18, 2026
Merged
Conversation
The status signing key struct has not been populated since an unknown version of nAuth. Since we are planning on supporting multiple signing keys, including optional scope, this single signing key struct is no longer needed. Removing it. Fixes: #163 Signed-off-by: Thobias Karlsson <thobias.karlsson@gmail.com>
The currently used kuttl version 0.15.0 does not support `resourceRefs` nor `assertAll` in `TestAssert` CRD, hence bumping to (fixed) v0.24.0. kuttl only supports _one_ `TestAssert` resource per assertion file, hence merging duplicates to ensure all assertions are being validated. Using mise to install kuttl in github action e2e test workflow to ensure same version is being used in workflow as when running `mise nauth:e2e-test` locally. Signed-off-by: Thobias Karlsson <thobias.karlsson@gmail.com>
To ensure full transparency between Account JWT stored in NATS cluster and the Account CR, we should include the claimed signing keys in the `Account.status.claims` struct. The optional (user) scope of signing keys are actively ignored until fully supported (via e.g. #140). TODOs added for this in the right places. Closes: #162 Signed-off-by: Thobias Karlsson <thobias.karlsson@gmail.com>
choufraise
force-pushed
the
feat/status-claims-signing-keys
branch
from
4e67b92 to
4fb27af
Compare
henriropp
approved these changes
Mar 18, 2026
Contributor
henriropp
left a comment
henriropp
left a comment
There was a problem hiding this comment.
Looks good, just one question ...
internal/account/approvals/claims_test.TestClaims.account-limits.output.nauth.approved.yaml
Show resolved
Hide resolved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
status.signingKeyfrom Account CRDfeat: account signing keys in account status claims
To ensure full transparency between Account JWT stored in NATS cluster and the Account CR, we should include the claimed signing keys in the
Account.status.claimsstruct.The optional (user) scope of signing keys are actively ignored until fully supported (via e.g. #140). TODOs added for this in the right places.
Closes: #162
test: fix e2e kuttl test assertions
The currently used kuttl version 0.15.0 does not support
resourceRefsnorassertAllinTestAssertCRD, hence bumping to (fixed) v0.24.0.kuttl only supports one
TestAssertresource per assertion file, hence merging duplicates to ensure all assertions are being validated.Using mise to install kuttl in github action e2e test workflow to ensure same version is being used in workflow as when running
mise nauth:e2e-testlocally.feat: remove unused
status.signingKeyfrom Account CRDThe status signing key struct has not been populated since an unknown version of nAuth. Since we are planning on supporting multiple signing keys, including optional scope, this single signing key struct is no longer needed. Removing it.
Fixes: #163