feat: support nats nkey seed auth (#21231)

Matt Lloyd 2025-04-27 05:30:57 +01:00 committed by GitHub
parent f14198e3dc
commit 0e017ab071
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 54 additions and 0 deletions


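--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -462,6 +462,10 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
 Key: target.NATSToken,
 Value: cfg.Token,
 },
+config.KV{
+Key: target.NATSNKeySeed,
+Value: cfg.NKeySeed,
+},
 config.KV{
 Key: target.NATSCertAuthority,
 Value: cfg.CertAuthority,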


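--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -989,6 +989,11 @@ func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[s
 tokenEnv = tokenEnv + config.Default + k
 }
+nKeySeedEnv := target.EnvNATSNKeySeed
+if k != config.Default {
+nKeySeedEnv = nKeySeedEnv + config.Default + k
+}
 queueDirEnv := target.EnvNATSQueueDir
 if k != config.Default {
 queueDirEnv = queueDirEnv + config.Default + k
@@ -1025,6 +1030,7 @@ func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[s
 ClientCert: env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
 ClientKey: env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
 Token: env.Get(tokenEnv, kv.Get(target.NATSToken)),
+NKeySeed: env.Get(nKeySeedEnv, kv.Get(target.NATSNKeySeed)),
 TLS: env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn,
 TLSSkipVerify: env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn,
 TLSHandshakeFirst: env.Get(tlsHandshakeFirstEnv, kv.Get(target.NATSTLSHandshakeFirst)) == config.EnableOn,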


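--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -45,6 +45,7 @@ const (
 NATSUsername = "username"
 NATSPassword = "password"
 NATSToken = "token"
+NATSNKeySeed = "nkey_seed"
 NATSTLS = "tls"
 NATSTLSSkipVerify = "tls_skip_verify"
 NATSTLSHandshakeFirst = "tls_handshake_first"
@@ -71,6 +72,7 @@ const (
 NATSUserCredentials = "MINIO_NOTIFY_NATS_USER_CREDENTIALS"
 EnvNATSPassword = "MINIO_NOTIFY_NATS_PASSWORD"
 EnvNATSToken = "MINIO_NOTIFY_NATS_TOKEN"
+EnvNATSNKeySeed = "MINIO_NOTIFY_NATS_NKEY_SEED"
 EnvNATSTLS = "MINIO_NOTIFY_NATS_TLS"
 EnvNATSTLSSkipVerify = "MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY"
 EnvNatsTLSHandshakeFirst = "MINIO_NOTIFY_NATS_TLS_HANDSHAKE_FIRST"
@@ -100,6 +102,7 @@ type NATSArgs struct {
 UserCredentials string `json:"userCredentials"`
 Password string `json:"password"`
 Token string `json:"token"`
+NKeySeed string `json:"nKeySeed"`
 TLS bool `json:"tls"`
 TLSSkipVerify bool `json:"tlsSkipVerify"`
 TLSHandshakeFirst bool `json:"tlsHandshakeFirst"`
@@ -178,6 +181,13 @@ func (n NATSArgs) connectNats() (*nats.Conn, error) {
 if n.Token != "" {
 connOpts = append(connOpts, nats.Token(n.Token))
 }
+if n.NKeySeed != "" {
+nkeyOpt, err := nats.NkeyOptionFromSeed(n.NKeySeed)
+if err != nil {
+return nil, err
+}
+connOpts = append(connOpts, nkeyOpt)
+}
 if n.Secure || n.TLS && n.TLSSkipVerify {
 connOpts = append(connOpts, nats.Secure(nil))
 } else if n.TLS {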
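Review bot: `nats.NkeyOptionFromSeed` takes the path of a seed file, not the seed itself, while the new config key `nkey_seed`, the env var `MINIO_NOTIFY_NATS_NKEY_SEED` and the `NKeySeed` field all read as if they carried the seed value; the test added in this commit confirms the path semantics by passing `testdata/contrib/test.nkey`. An operator who puts the raw seed into the env var will get a file-open failure instead of a connection, and the misplaced seed would then likely appear in the resulting path error. Document the contract on the field in the `NATSArgs` hunk, `NKeySeed string \`json:"nKeySeed"\` // path to a file holding the NKey seed, not the seed itself`, and give the bare `return nil, err` in this hunk some context, e.g. `return nil, fmt.Errorf("loading nats nkey seed file: %w", err)` if `fmt` is already imported in this file. connectNats continues outside the hunk.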


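--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -19,6 +19,8 @@ package target
 import (
 "testing"
+"github.com/nats-io/nats-server/v2/server"
 xnet "github.com/minio/pkg/v3/net"
 natsserver "github.com/nats-io/nats-server/v2/test"
 )
@@ -96,3 +98,34 @@ func TestNatsConnToken(t *testing.T) {
 }
 defer con.Close()
 }
+func TestNatsConnNKeySeed(t *testing.T) {
+opts := natsserver.DefaultTestOptions
+opts.Port = 14223
+opts.Nkeys = []*server.NkeyUser{
+{
+// Not a real NKey
+// Taken from https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/nkey_auth
+Nkey: "UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4",
+},
+}
+s := natsserver.RunServer(&opts)
+defer s.Shutdown()
+clientConfig := &NATSArgs{
+Enable: true,
+Address: xnet.Host{
+Name: "localhost",
+Port: (xnet.Port(opts.Port)),
+IsPortSet: true,
+},
+Subject: "test",
+NKeySeed: "testdata/contrib/test.nkey",
+}
+con, err := clientConfig.connectNats()
+if err != nil {
+t.Errorf("Could not connect to nats: %v", err)
+}
+defer con.Close()
+}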
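Review bot: When `connectNats` fails, `TestNatsConnNKeySeed` records the failure with `t.Errorf` and then carries on to `defer con.Close()` with a nil `con`; `t.Fatalf("Could not connect to nats: %v", err)` stops the test at the point of failure and makes the intent explicit. The fixed port 14223 and the relative fixture path `testdata/contrib/test.nkey` appear to follow the pattern of the neighbouring tests, as far as the hunk shows, so only the failure handling is worth changing here.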


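--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1 @@
+SUACSSL3UAHUDXKFSNVUZRF5UHPMWZ6BFDTJ7M6USDXIEDNPPQYYYCU3VY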
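Review bot: This fixture is a bare NKey seed with nothing in the file itself marking it as the published NATS documentation example; the `// Not a real NKey` remark lives only in the test source, so secret scanners and future readers will see a committed private seed. Since the file holds only the seed, record its origin next to it, for instance a short README in the same directory or a sentence in the test comment that names this fixture and the docs page it was taken from, so that a scanner finding can be closed without re-investigating.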