feat: add userCredentials for nats (#19139)

internal/config/notify/legacy.go

@@ -446,6 +446,10 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
 			Key:   target.NATSUsername,
 			Value: cfg.Username,
 		},
+		config.KV{
+			Key:   target.NATSUserCredentials,
+			Value: cfg.UserCredentials,
+		},
 		config.KV{
 			Key:   target.NATSPassword,
 			Value: cfg.Password,

internal/config/notify/parse.go

@@ -946,6 +946,11 @@ func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[s
 			usernameEnv = usernameEnv + config.Default + k
 		}
 
+		userCredentialsEnv := target.NATSUserCredentials
+		if k != config.Default {
+			userCredentialsEnv = userCredentialsEnv + config.Default + k
+		}
+
 		passwordEnv := target.EnvNATSPassword
 		if k != config.Default {
 			passwordEnv = passwordEnv + config.Default + k
@@ -982,21 +987,22 @@ func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[s
 		}
 
 		natsArgs := target.NATSArgs{
-			Enable:        true,
-			Address:       *address,
-			Subject:       env.Get(subjectEnv, kv.Get(target.NATSSubject)),
-			Username:      env.Get(usernameEnv, kv.Get(target.NATSUsername)),
-			Password:      env.Get(passwordEnv, kv.Get(target.NATSPassword)),
-			CertAuthority: env.Get(certAuthorityEnv, kv.Get(target.NATSCertAuthority)),
-			ClientCert:    env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
-			ClientKey:     env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
-			Token:         env.Get(tokenEnv, kv.Get(target.NATSToken)),
-			TLS:           env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn,
-			TLSSkipVerify: env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn,
-			PingInterval:  pingInterval,
-			QueueDir:      env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
-			QueueLimit:    queueLimit,
-			RootCAs:       rootCAs,
+			Enable:          true,
+			Address:         *address,
+			Subject:         env.Get(subjectEnv, kv.Get(target.NATSSubject)),
+			Username:        env.Get(usernameEnv, kv.Get(target.NATSUsername)),
+			UserCredentials: env.Get(userCredentialsEnv, kv.Get(target.NATSUserCredentials)),
+			Password:        env.Get(passwordEnv, kv.Get(target.NATSPassword)),
+			CertAuthority:   env.Get(certAuthorityEnv, kv.Get(target.NATSCertAuthority)),
+			ClientCert:      env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
+			ClientKey:       env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
+			Token:           env.Get(tokenEnv, kv.Get(target.NATSToken)),
+			TLS:             env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn,
+			TLSSkipVerify:   env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn,
+			PingInterval:    pingInterval,
+			QueueDir:        env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
+			QueueLimit:      queueLimit,
+			RootCAs:         rootCAs,
 		}
 		natsArgs.JetStream.Enable = env.Get(jetStreamEnableEnv, kv.Get(target.NATSJetStream)) == config.EnableOn
 

internal/event/target/nats.go

@@ -67,6 +67,7 @@ const (
 	EnvNATSAddress       = "MINIO_NOTIFY_NATS_ADDRESS"
 	EnvNATSSubject       = "MINIO_NOTIFY_NATS_SUBJECT"
 	EnvNATSUsername      = "MINIO_NOTIFY_NATS_USERNAME"
+	NATSUserCredentials  = "MINIO_NOTIFY_NATS_USER_CREDENTIALS"
 	EnvNATSPassword      = "MINIO_NOTIFY_NATS_PASSWORD"
 	EnvNATSToken         = "MINIO_NOTIFY_NATS_TOKEN"
 	EnvNATSTLS           = "MINIO_NOTIFY_NATS_TLS"
@@ -90,22 +91,23 @@ const (
 
 // NATSArgs - NATS target arguments.
 type NATSArgs struct {
-	Enable        bool      `json:"enable"`
-	Address       xnet.Host `json:"address"`
-	Subject       string    `json:"subject"`
-	Username      string    `json:"username"`
-	Password      string    `json:"password"`
-	Token         string    `json:"token"`
-	TLS           bool      `json:"tls"`
-	TLSSkipVerify bool      `json:"tlsSkipVerify"`
-	Secure        bool      `json:"secure"`
-	CertAuthority string    `json:"certAuthority"`
-	ClientCert    string    `json:"clientCert"`
-	ClientKey     string    `json:"clientKey"`
-	PingInterval  int64     `json:"pingInterval"`
-	QueueDir      string    `json:"queueDir"`
-	QueueLimit    uint64    `json:"queueLimit"`
-	JetStream     struct {
+	Enable          bool      `json:"enable"`
+	Address         xnet.Host `json:"address"`
+	Subject         string    `json:"subject"`
+	Username        string    `json:"username"`
+	UserCredentials string    `json:"userCredentials"`
+	Password        string    `json:"password"`
+	Token           string    `json:"token"`
+	TLS             bool      `json:"tls"`
+	TLSSkipVerify   bool      `json:"tlsSkipVerify"`
+	Secure          bool      `json:"secure"`
+	CertAuthority   string    `json:"certAuthority"`
+	ClientCert      string    `json:"clientCert"`
+	ClientKey       string    `json:"clientKey"`
+	PingInterval    int64     `json:"pingInterval"`
+	QueueDir        string    `json:"queueDir"`
+	QueueLimit      uint64    `json:"queueLimit"`
+	JetStream       struct {
 		Enable bool `json:"enable"`
 	} `json:"jetStream"`
 	Streaming struct {
@@ -167,6 +169,9 @@ func (n NATSArgs) connectNats() (*nats.Conn, error) {
 	if n.Username != "" && n.Password != "" {
 		connOpts = append(connOpts, nats.UserInfo(n.Username, n.Password))
 	}
+	if n.UserCredentials != "" {
+		connOpts = append(connOpts, nats.UserCredentials(n.UserCredentials))
+	}
 	if n.Token != "" {
 		connOpts = append(connOpts, nats.Token(n.Token))
 	}
@@ -211,6 +216,9 @@ func (n NATSArgs) connectStan() (stan.Conn, error) {
 	if n.Streaming.MaxPubAcksInflight > 0 {
 		connOpts = append(connOpts, stan.MaxPubAcksInflight(n.Streaming.MaxPubAcksInflight))
 	}
+	if n.UserCredentials != "" {
+		connOpts = append(connOpts, stan.NatsOptions(nats.UserCredentials(n.UserCredentials)))
+	}
 
 	return stan.Connect(n.Streaming.ClusterID, clientID, connOpts...)
 }