Don't log error in legitimate nkey auth callout config case (4479). (#…

…4501) `Resolves #4479 ` In AuthCallout server-config system, a spurious error message would be generated on server reload in the edge case that the AuthCallout user is an NKEY and both User and NKEY account members are defined in the config.
nats-io · Sep 7, 2023 · 0b35767 · 0b35767
2 parents d07e8eb + 5519308
commit 0b35767
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/server/auth.go b/server/auth.go
@@ -279,7 +279,7 @@ func (s *Server) configureAuthorization() {
 	// Check for server configured auth callouts.
 	if opts.AuthCallout != nil {
 		s.mu.Unlock()
-		// Make sure we have a valid account and auth_users.
+		// Give operator log entries if not valid account and auth_users.
 		_, err := s.lookupAccount(opts.AuthCallout.Account)
 		s.mu.Lock()
 		if err != nil {
@@ -290,7 +290,8 @@ func (s *Server) configureAuthorization() {
 			var found bool
 			if len(s.users) > 0 {
 				_, found = s.users[u]
-			} else if len(s.nkeys) > 0 && !found {
+			}
+			if !found && len(s.nkeys) > 0 {
 				_, found = s.nkeys[u]
 			}
 			if !found {