From 9cf5b3d50b39cb62e6e5924f3ab333a81f6b00e4 Mon Sep 17 00:00:00 2001
From: David Gurley
Date: Thu, 29 Aug 2019 20:44:16 -0400
Subject: [PATCH 1/2] added credentials file option for external nats server
---
 server/conf.go | 5 +++
 server/server.go | 84 ++++++++++++++++++++++++++----------------------
 2 files changed, 50 insertions(+), 39 deletions(-)
diff --git a/server/conf.go b/server/conf.go
index 20bd6488..b8f453b1 100644
--- a/server/conf.go
+++ b/server/conf.go
@@ -95,6 +95,11 @@ func ProcessConfigFile(configFile string, opts *Options) error {
 return err
 }
 opts.NATSServerURL = v.(string)
+ case "credentials":
+ if err := checkType(k, reflect.String, v); err != nil {
+ return err
+ }
+ opts.NATSServerCredentials = v.(string)
 case "secure":
 if err := checkType(k, reflect.Bool, v); err != nil {
 return err
diff --git a/server/server.go b/server/server.go
index d17235db..85f645fb 100644
--- a/server/server.go
+++ b/server/server.go
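Review bot: In the `case "credentials":` branch of ProcessConfigFile (server/conf.go hunk) the value is only type-checked and then stored as given, so a mistyped or unreadable path is not reported when the configuration is loaded. A comment such as `// Path is stored verbatim; it is not opened or validated here.` would make that explicit. The option's documentation should also say how a relative path is resolved, presumably against the process working directory rather than the config file's directory, which is worth confirming. ProcessConfigFile's body starts and ends outside the hunk.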
@@ -1253,36 +1253,37 @@ func (ss *subStore) LookupByAckInbox(ackInbox string) *subState {
 // Options for NATS Streaming Server
 type Options struct {
- ID string
- DiscoverPrefix string
- StoreType string
- FilestoreDir string
- FileStoreOpts stores.FileStoreOptions
- SQLStoreOpts stores.SQLStoreOptions
+ ID string
+ DiscoverPrefix string
+ StoreType string
+ FilestoreDir string
+ FileStoreOpts stores.FileStoreOptions
+ SQLStoreOpts stores.SQLStoreOptions
 stores.StoreLimits // Store limits (MaxChannels, etc..)
- EnableLogging bool // Enables logging
- CustomLogger logger.Logger // Server will start with the provided logger
- Trace bool // Verbose trace
- Debug bool // Debug trace
- HandleSignals bool // Should the server setup a signal handler (for Ctrl+C, etc...)
- Secure bool // Create a TLS enabled connection w/o server verification
- ClientCert string // Client Certificate for TLS
- ClientKey string // Client Key for TLS
- ClientCA string // Client CAs for TLS
- IOBatchSize int // Maximum number of messages collected from clients before starting their processing.
- IOSleepTime int64 // Duration (in micro-seconds) the server waits for more message to fill up a batch.
- NATSServerURL string // URL for external NATS Server to connect to. If empty, NATS Server is embedded.
- ClientHBInterval time.Duration // Interval at which server sends heartbeat to a client.
- ClientHBTimeout time.Duration // How long server waits for a heartbeat response.
- ClientHBFailCount int // Number of failed heartbeats before server closes client connection.
- FTGroupName string // Name of the FT Group. A group can be 2 or more servers with a single active server and all sharing the same datastore.
- Partitioning bool // Specify if server only accepts messages/subscriptions on channels defined in StoreLimits.
- SyslogName string // Optional name for the syslog (usueful on Windows when running several servers as a service)
- Encrypt bool // Specify if server should encrypt messages payload when storing them
- EncryptionCipher string // Cipher used for encryption. Supported are "AES" and "CHACHA". If none is specified, defaults to AES on platforms with Intel processors, CHACHA otherwise.
- EncryptionKey []byte // Encryption key. The environment NATS_STREAMING_ENCRYPTION_KEY takes precedence and is the preferred way to provide the key.
- Clustering ClusteringOptions
- NATSClientOpts []nats.Option
+ EnableLogging bool // Enables logging
+ CustomLogger logger.Logger // Server will start with the provided logger
+ Trace bool // Verbose trace
+ Debug bool // Debug trace
+ HandleSignals bool // Should the server setup a signal handler (for Ctrl+C, etc...)
+ Secure bool // Create a TLS enabled connection w/o server verification
+ ClientCert string // Client Certificate for TLS
+ ClientKey string // Client Key for TLS
+ ClientCA string // Client CAs for TLS
+ IOBatchSize int // Maximum number of messages collected from clients before starting their processing.
+ IOSleepTime int64 // Duration (in micro-seconds) the server waits for more message to fill up a batch.
+ NATSServerURL string // URL for external NATS Server to connect to. If empty, NATS Server is embedded.
+ NATSServerCredentials string // Credentials file for connecting to external NATS Server.
+ ClientHBInterval time.Duration // Interval at which server sends heartbeat to a client.
+ ClientHBTimeout time.Duration // How long server waits for a heartbeat response.
+ ClientHBFailCount int // Number of failed heartbeats before server closes client connection.
+ FTGroupName string // Name of the FT Group. A group can be 2 or more servers with a single active server and all sharing the same datastore.
+ Partitioning bool // Specify if server only accepts messages/subscriptions on channels defined in StoreLimits.
+ SyslogName string // Optional name for the syslog (usueful on Windows when running several servers as a service)
+ Encrypt bool // Specify if server should encrypt messages payload when storing them
+ EncryptionCipher string // Cipher used for encryption. Supported are "AES" and "CHACHA". If none is specified, defaults to AES on platforms with Intel processors, CHACHA otherwise.
+ EncryptionKey []byte // Encryption key. The environment NATS_STREAMING_ENCRYPTION_KEY takes precedence and is the preferred way to provide the key.
+ Clustering ClusteringOptions
+ NATSClientOpts []nats.Option
 }
 // Clone returns a deep copy of the Options object.
@@ -1302,16 +1303,17 @@ func (o *Options) Clone() *Options {
 // DefaultOptions are default options for the NATS Streaming Server
 var defaultOptions = Options{
- ID: DefaultClusterID,
- DiscoverPrefix: DefaultDiscoverPrefix,
- StoreType: DefaultStoreType,
- FileStoreOpts: stores.DefaultFileStoreOptions,
- IOBatchSize: DefaultIOBatchSize,
- IOSleepTime: DefaultIOSleepTime,
- NATSServerURL: "",
- ClientHBInterval: DefaultHeartBeatInterval,
- ClientHBTimeout: DefaultClientHBTimeout,
- ClientHBFailCount: DefaultMaxFailedHeartBeats,
+ ID: DefaultClusterID,
+ DiscoverPrefix: DefaultDiscoverPrefix,
+ StoreType: DefaultStoreType,
+ FileStoreOpts: stores.DefaultFileStoreOptions,
+ IOBatchSize: DefaultIOBatchSize,
+ IOSleepTime: DefaultIOSleepTime,
+ NATSServerURL: "",
+ NATSServerCredentials: "",
+ ClientHBInterval: DefaultHeartBeatInterval,
+ ClientHBTimeout: DefaultClientHBTimeout,
+ ClientHBFailCount: DefaultMaxFailedHeartBeats,
 }
 // GetDefaultOptions returns default options for the NATS Streaming Server
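Review bot: The comment on the new `NATSServerCredentials` field in the Options struct hunk (server/server.go, PATCH 1/2) does not say what the file holds or how it should be protected. NATS credentials files normally carry the user JWT together with the NKey seed, which is private key material, so I would extend the comment to something like `// Path to a NATS credentials (.creds) file (user JWT and NKey seed) for connecting to external NATS Server; keep it readable only by the account running this server.` The same one-line comment is carried over unchanged to the renamed `NATSCredentials` field in PATCH 2/2. Apart from the new field this hunk appears to be gofmt realignment only.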
@@ -1433,6 +1435,10 @@ func (s *StanServer) createNatsClientConn(name string) (*nats.Conn, error) { ncOpts.Password = s.natsOpts.Password ncOpts.Token = s.natsOpts.Authorization + if s.opts.NATSServerCredentials != "" { + nats.UserCredentials(s.opts.NATSServerCredentials)(&ncOpts) + } + ncOpts.Name = fmt.Sprintf("_NSS-%s-%s", s.opts.ID, name) if err = nats.ErrorHandler(s.stanErrorHandler)(&ncOpts); err != nil { From 86de3a062d8a47b6bb305e8ab29ad8601ed22fb4 Mon Sep 17 00:00:00 2001 From: Ivan Kozlovic Date: Wed, 11 Sep 2019 10:55:24 -0600 Subject: [PATCH 2/2] Updates - Rename of the new option - Add config parsing tests - go fmt - Move setting of option prior to apply of NATSClientOpts Signed-off-by: Ivan Kozlovic --- server/conf.go | 8 ++-- server/conf_test.go | 4 ++ server/server.go | 88 ++++++++++++++++++------------------ test/configs/test_parse.conf | 1 + 4 files changed, 52 insertions(+), 49 deletions(-) diff --git a/server/conf.go b/server/conf.go index b8f453b1..69a682ac 100644 --- a/server/conf.go +++ b/server/conf.go @@ -95,11 +95,11 @@ func ProcessConfigFile(configFile string, opts *Options) error { return err } opts.NATSServerURL = v.(string) - case "credentials": - if err := checkType(k, reflect.String, v); err != nil { - return err + case "credentials": + if err := checkType(k, reflect.String, v); err != nil { + return err } - opts.NATSServerCredentials = v.(string) + opts.NATSCredentials = v.(string) case "secure": if err := checkType(k, reflect.Bool, v); err != nil { return err diff --git a/server/conf_test.go b/server/conf_test.go index 00628a4d..b5b2f06e 100644 --- a/server/conf_test.go +++ b/server/conf_test.go 
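Review bot: The added call `nats.UserCredentials(s.opts.NATSServerCredentials)(&ncOpts)` in createNatsClientConn (the first hunk on this line, PATCH 1/2) discards the error that the option function returns, while the `nats.ErrorHandler(...)` call a few lines below checks it. I would write `if err = nats.UserCredentials(s.opts.NATSServerCredentials)(&ncOpts); err != nil { return nil, err }` so that a failure applying the credentials option is reported instead of silently ignored. The relocated call in PATCH 2/2, `nats.UserCredentials(s.opts.NATSCredentials)(&ncOpts)`, has the same gap. createNatsClientConn starts and ends outside the hunk.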
@@ -75,6 +75,9 @@ func TestParseConfig(t *testing.T) {
 if opts.ClientCA != "/path/to/client/ca_file" {
 t.Fatalf("Expected ClientCA to be %q, got %q", "/path/to/client/ca_file", opts.ClientCA)
 }
+ if opts.NATSCredentials != "credentials.creds" {
+ t.Fatalf("Expected Credentials to be %q, got %q", "credentials.creds", opts.NATSCredentials)
+ }
 if !opts.FileStoreOpts.CompactEnabled {
 t.Fatalf("Expected CompactEnabled to be true, got false")
 }
@@ -477,6 +480,7 @@ func TestParseWrongTypes(t *testing.T) {
 expectFailureFor(t, "encrypt: 123", wrongTypeErr)
 expectFailureFor(t, "encryption_cipher: 123", wrongTypeErr)
 expectFailureFor(t, "encryption_key: 123", wrongTypeErr)
+ expectFailureFor(t, "credentials: 123", wrongTypeErr)
 }
 func expectFailureFor(t *testing.T, content, errorMatch string) {
diff --git a/server/server.go b/server/server.go
index b2c561fa..264cf2db 100644
--- a/server/server.go
+++ b/server/server.go
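Review bot: The two additions in server/conf_test.go cover parsing of `credentials` only; going by the diffstat of PATCH 2/2, no test in this series exercises createNatsClientConn with the option set. That leaves the ordering against `NATSClientOpts` and the unchecked return of `nats.UserCredentials(...)` untested, and a connection-level test using a credentials file would close the gap. As a smaller point, the failure message in TestParseConfig reads `Expected Credentials to be %q` while the neighbouring checks name the field; `"Expected NATSCredentials to be %q, got %q"` would match them.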
@@ -1260,37 +1260,37 @@ func (ss *subStore) LookupByAckInbox(ackInbox string) *subState {
 // Options for NATS Streaming Server
 type Options struct {
- ID string
- DiscoverPrefix string
- StoreType string
- FilestoreDir string
- FileStoreOpts stores.FileStoreOptions
- SQLStoreOpts stores.SQLStoreOptions
+ ID string
+ DiscoverPrefix string
+ StoreType string
+ FilestoreDir string
+ FileStoreOpts stores.FileStoreOptions
+ SQLStoreOpts stores.SQLStoreOptions
 stores.StoreLimits // Store limits (MaxChannels, etc..)
- EnableLogging bool // Enables logging
- CustomLogger logger.Logger // Server will start with the provided logger
- Trace bool // Verbose trace
- Debug bool // Debug trace
- HandleSignals bool // Should the server setup a signal handler (for Ctrl+C, etc...)
- Secure bool // Create a TLS enabled connection w/o server verification
- ClientCert string // Client Certificate for TLS
- ClientKey string // Client Key for TLS
- ClientCA string // Client CAs for TLS
- IOBatchSize int // Maximum number of messages collected from clients before starting their processing.
- IOSleepTime int64 // Duration (in micro-seconds) the server waits for more message to fill up a batch.
- NATSServerURL string // URL for external NATS Server to connect to. If empty, NATS Server is embedded.
- NATSServerCredentials string // Credentials file for connecting to external NATS Server.
- ClientHBInterval time.Duration // Interval at which server sends heartbeat to a client.
- ClientHBTimeout time.Duration // How long server waits for a heartbeat response.
- ClientHBFailCount int // Number of failed heartbeats before server closes client connection.
- FTGroupName string // Name of the FT Group. A group can be 2 or more servers with a single active server and all sharing the same datastore.
- Partitioning bool // Specify if server only accepts messages/subscriptions on channels defined in StoreLimits.
- SyslogName string // Optional name for the syslog (usueful on Windows when running several servers as a service)
- Encrypt bool // Specify if server should encrypt messages payload when storing them
- EncryptionCipher string // Cipher used for encryption. Supported are "AES" and "CHACHA". If none is specified, defaults to AES on platforms with Intel processors, CHACHA otherwise.
- EncryptionKey []byte // Encryption key. The environment NATS_STREAMING_ENCRYPTION_KEY takes precedence and is the preferred way to provide the key.
- Clustering ClusteringOptions
- NATSClientOpts []nats.Option
+ EnableLogging bool // Enables logging
+ CustomLogger logger.Logger // Server will start with the provided logger
+ Trace bool // Verbose trace
+ Debug bool // Debug trace
+ HandleSignals bool // Should the server setup a signal handler (for Ctrl+C, etc...)
+ Secure bool // Create a TLS enabled connection w/o server verification
+ ClientCert string // Client Certificate for TLS
+ ClientKey string // Client Key for TLS
+ ClientCA string // Client CAs for TLS
+ IOBatchSize int // Maximum number of messages collected from clients before starting their processing.
+ IOSleepTime int64 // Duration (in micro-seconds) the server waits for more message to fill up a batch.
+ NATSServerURL string // URL for external NATS Server to connect to. If empty, NATS Server is embedded.
+ NATSCredentials string // Credentials file for connecting to external NATS Server.
+ ClientHBInterval time.Duration // Interval at which server sends heartbeat to a client.
+ ClientHBTimeout time.Duration // How long server waits for a heartbeat response.
+ ClientHBFailCount int // Number of failed heartbeats before server closes client connection.
+ FTGroupName string // Name of the FT Group. A group can be 2 or more servers with a single active server and all sharing the same datastore.
+ Partitioning bool // Specify if server only accepts messages/subscriptions on channels defined in StoreLimits.
+ SyslogName string // Optional name for the syslog (usueful on Windows when running several servers as a service) + Encrypt bool // Specify if server should encrypt messages payload when storing them + EncryptionCipher string // Cipher used for encryption. Supported are "AES" and "CHACHA". If none is specified, defaults to AES on platforms with Intel processors, CHACHA otherwise. + EncryptionKey []byte // Encryption key. The environment NATS_STREAMING_ENCRYPTION_KEY takes precedence and is the preferred way to provide the key. + Clustering ClusteringOptions + NATSClientOpts []nats.Option } // Clone returns a deep copy of the Options object. @@ -1310,17 +1310,15 @@ func (o *Options) Clone() *Options { // DefaultOptions are default options for the NATS Streaming Server var defaultOptions = Options{ - ID: DefaultClusterID, - DiscoverPrefix: DefaultDiscoverPrefix, - StoreType: DefaultStoreType, - FileStoreOpts: stores.DefaultFileStoreOptions, - IOBatchSize: DefaultIOBatchSize, - IOSleepTime: DefaultIOSleepTime, - NATSServerURL: "", - NATSServerCredentials: "", - ClientHBInterval: DefaultHeartBeatInterval, - ClientHBTimeout: DefaultClientHBTimeout, - ClientHBFailCount: DefaultMaxFailedHeartBeats, + ID: DefaultClusterID, + DiscoverPrefix: DefaultDiscoverPrefix, + StoreType: DefaultStoreType, + FileStoreOpts: stores.DefaultFileStoreOptions, + IOBatchSize: DefaultIOBatchSize, + IOSleepTime: DefaultIOSleepTime, + ClientHBInterval: DefaultHeartBeatInterval, + ClientHBTimeout: DefaultClientHBTimeout, + ClientHBFailCount: DefaultMaxFailedHeartBeats, } // GetDefaultOptions returns default options for the NATS Streaming Server @@ -1430,6 +1428,10 @@ func (s *StanServer) createNatsClientConn(name string) (*nats.Conn, error) { var err error ncOpts := nats.DefaultOptions + if s.opts.NATSCredentials != "" { + nats.UserCredentials(s.opts.NATSCredentials)(&ncOpts) + } + for _, o := range s.opts.NATSClientOpts { o(&ncOpts) } 
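Review bot: In the createNatsClientConn hunk (last hunk on this line, PATCH 2/2) the credentials are now applied before the `NATSClientOpts` loop, so any option in that slice can replace them, and the following hunk's context shows `ncOpts.Password` and `ncOpts.Token` still being assigned from `s.natsOpts` afterwards. The resulting precedence between a credentials file, programmatic client options and password/token is not stated anywhere in the hunk. I would add a comment above the block, e.g. `// Applied first so that NATSClientOpts can override it; Password/Token from natsOpts are still set below.`, and consider logging or rejecting a configuration that sets both a credentials file and a password or token, since it may then be unclear which identity the server connects with. createNatsClientConn continues outside the hunk.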
@@ -1442,10 +1444,6 @@ func (s *StanServer) createNatsClientConn(name string) (*nats.Conn, error) { ncOpts.Password = s.natsOpts.Password ncOpts.Token = s.natsOpts.Authorization - if s.opts.NATSServerCredentials != "" { - nats.UserCredentials(s.opts.NATSServerCredentials)(&ncOpts) - } - ncOpts.Name = fmt.Sprintf("_NSS-%s-%s", s.opts.ID, name) if err = nats.ErrorHandler(s.stanErrorHandler)(&ncOpts); err != nil { diff --git a/test/configs/test_parse.conf b/test/configs/test_parse.conf index 086651f4..37f557e4 100644 --- a/test/configs/test_parse.conf +++ b/test/configs/test_parse.conf @@ -16,6 +16,7 @@ streaming: { encrypt: true encryption_cipher: "AES" encryption_key: "key" + credentials: "credentials.creds" store_limits: { max_channels: 11