Update help messages with new wording (#8616)
Final update to all messages across sub-systems after final review. The only change here is that NATS now has TLS and TLSSkipVerify, to be consistent with all other notification targets.
parent
f1e2e1cc9e
commit
476111968a
@ -94,7 +94,7 @@ func initHelp() {
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.KmsVaultSubSys,
|
||||
Description: "enable external HashiCorp Vault for KMS",
|
||||
Description: "enable external HashiCorp Vault key management service",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.LoggerWebhookSubSys,
|
||||
@ -138,17 +138,12 @@ func initHelp() {
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.NotifyMySQLSubSys,
|
||||
Description: "publish bucket notifications to MySQL endpoints",
|
||||
Description: "publish bucket notifications to MySQL databases",
|
||||
MultipleTargets: true,
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.NotifyPostgresSubSys,
|
||||
Description: "publish bucket notifications to Postgres endpoints",
|
||||
MultipleTargets: true,
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.NotifyRedisSubSys,
|
||||
Description: "publish bucket notifications to Redis endpoints",
|
||||
Description: "publish bucket notifications to Postgres databases",
|
||||
MultipleTargets: true,
|
||||
},
|
||||
config.HelpKV{
|
||||
@ -156,6 +151,11 @@ func initHelp() {
|
||||
Description: "publish bucket notifications to Elasticsearch endpoints",
|
||||
MultipleTargets: true,
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.NotifyRedisSubSys,
|
||||
Description: "publish bucket notifications to Redis datastores",
|
||||
MultipleTargets: true,
|
||||
},
|
||||
}
|
||||
|
||||
if globalIsXL {
|
||||
|
@ -491,8 +491,14 @@ func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (Targets, error) {
|
||||
if !strings.HasPrefix(hkv.Key, subSysPrefix) {
|
||||
continue
|
||||
}
|
||||
if c[hkv.Key][Default].Empty() {
|
||||
targets = append(targets, Target{
|
||||
SubSystem: hkv.Key,
|
||||
KVS: defaultKVS[hkv.Key],
|
||||
})
|
||||
}
|
||||
for k, kvs := range c[hkv.Key] {
|
||||
for _, dkv := range defaultKVS[subSysPrefix] {
|
||||
for _, dkv := range defaultKVS[hkv.Key] {
|
||||
_, ok := kvs.Lookup(dkv.Key)
|
||||
if !ok {
|
||||
kvs.Set(dkv.Key, dkv.Value)
|
||||
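Review bot: The added `if c[hkv.Key][Default].Empty()` block appends a Target built only from `defaultKVS[hkv.Key]` without a comment saying why, and it runs just before the `range c[hkv.Key]` loop that can visit the same Default entry. If an entry can be present but empty, that loop might emit a second target for the same sub-system; the rest of the loop body is outside this hunk, so this needs confirming against the full function. A comment such as `// no default target configured: list the sub-system with its built-in defaults` would record the intent.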
|
@ -28,13 +28,13 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: PathPrefix,
|
||||
Description: `default etcd path prefix to populate all IAM assets eg: "customer/"`,
|
||||
Description: `namespace prefix to isolate tenants e.g. "customer1/"`,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: CoreDNSPath,
|
||||
Description: `default etcd path location to populate bucket DNS srv records eg: "/skydns"`,
|
||||
Description: `shared bucket DNS records, default is "/skydns"`,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
|
@ -28,36 +28,36 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: UsernameFormat,
|
||||
Description: `AD/LDAP format of full username DN e.g. "uid={username},cn=accounts,dc=myldapserver,dc=com"`,
|
||||
Description: `username bind DNs e.g. "uid=%s,cn=accounts,dc=myldapserver,dc=com"`,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: GroupSearchFilter,
|
||||
Description: `search filter to find groups of a user (optional) e.g. "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
|
||||
Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"`,
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: GroupNameAttribute,
|
||||
Description: `attribute of search results to use as group name (optional) e.g. "cn"`,
|
||||
Description: `search attribute for group name e.g. "cn"`,
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: GroupSearchBaseDN,
|
||||
Description: `base DN in AD/LDAP hierarchy to use in search requests (optional) e.g. "dc=myldapserver,dc=com"`,
|
||||
Description: `group search base DNs e.g. "dc=myldapserver,dc=com"`,
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: STSExpiry,
|
||||
Description: `AD/LDAP STS credentials validity duration e.g. "1h"`,
|
||||
Description: `temporary credentials validity duration in s,m,h,d. Default is "1h"`,
|
||||
Optional: true,
|
||||
Type: "duration",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: TLSSkipVerify,
|
||||
Description: "enable this to disable client verification of server certificates",
|
||||
Description: `trust server TLS without verification, defaults to "on" (verify)`,
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
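Review bot: The new `TLSSkipVerify` description says `defaults to "on" (verify)`, which reads as if the skip-verification switch is on by default; an operator who sets it to "on" expecting verification would instead disable certificate checking. The defaults added for NATS in this commit set `target.NATSTLSSkipVerify` to `config.EnableOff`, so the wording should say off, e.g. `trust server TLS without verification, defaults to "off" (verify)`. The same string is used for `target.KafkaTLSSkipVerify`, `target.NATSTLSSkipVerify` and `target.NSQTLSSkipVerify` in the notification help hunks and needs the same correction. The LDAP default value itself is not visible on this page, so confirm it before changing this entry.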
|
@ -28,13 +28,13 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: ClientID,
|
||||
Description: `client identifier of the authenticating party at the identity provider`,
|
||||
Description: `unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"`,
|
||||
Type: "string",
|
||||
Optional: true,
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: ClaimPrefix,
|
||||
Description: `openid JWT claim namespace prefix e.g. "customer"`,
|
||||
Description: `JWT claim namespace prefix e.g. "customer1"`,
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
|
@ -21,8 +21,46 @@ import (
|
||||
"github.com/minio/minio/pkg/event/target"
|
||||
)
|
||||
|
||||
const (
|
||||
formatComment = `'namespace' reflects current bucket/object list and 'access' reflects a journal of object operations, defaults to 'namespace'`
|
||||
queueDirComment = `staging dir for undelivered messages e.g. '/home/events'`
|
||||
queueLimitComment = `maximum limit for undelivered messages, defaults to '10000'`
|
||||
)
|
||||
|
||||
// Help template inputs for all notification targets
|
||||
var (
|
||||
HelpWebhook = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.WebhookEndpoint,
|
||||
Description: "webhook server endpoint e.g. http://localhost:8080/minio/events",
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.WebhookAuthToken,
|
||||
Description: "opaque string or JWT authorization token",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.WebhookQueueDir,
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.WebhookQueueLimit,
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
Optional: true,
|
||||
Type: "sentence",
|
||||
},
|
||||
}
|
||||
|
||||
HelpAMQP = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.AmqpURL,
|
||||
@ -37,7 +75,7 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpExchangeType,
|
||||
Description: "kind of AMQP exchange type",
|
||||
Description: "AMQP exchange type",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
@ -49,49 +87,49 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpMandatory,
|
||||
Description: "set this to 'on' for server to return an unroutable message with a Return method. If this flag is 'off', the server silently drops the message",
|
||||
Description: "quietly ignore undelivered messages when set to 'off', default is 'on'",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpDurable,
|
||||
Description: "set this to 'on' for queue to survive broker restarts",
|
||||
Description: "persist queue across broker restarts when set to 'on', default is 'off'",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpNoWait,
|
||||
Description: "when no_wait is 'on', declare without waiting for a confirmation from the server",
|
||||
Description: "non-blocking message delivery when set to 'on', default is 'off'",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpInternal,
|
||||
Description: "set this to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
|
||||
Description: "set to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpAutoDeleted,
|
||||
Description: "set this to 'on' for queue that has had at least one consumer is deleted when last consumer unsubscribes",
|
||||
Description: "auto delete queue when set to 'on', when there are no consumers",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpDeliveryMode,
|
||||
Description: "delivery queue implementation use non-persistent (1) or persistent (2)",
|
||||
Description: "set to '1' for non-persistent or '2' for persistent queue",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.AmqpQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
@ -135,46 +173,46 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaSASL,
|
||||
Description: "set this to 'on' to enable SASL authentication",
|
||||
Description: "set to 'on' to enable SASL authentication",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaTLS,
|
||||
Description: "set this to 'on' to enable TLS",
|
||||
Description: "set to 'on' to enable TLS",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaTLSSkipVerify,
|
||||
Description: "set this to 'on' to disable client verification of server certificate chain",
|
||||
Description: `trust server TLS without verification, defaults to "on" (verify)`,
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaClientTLSCert,
|
||||
Description: "Set path to client certificate",
|
||||
Description: "path to client certificate for mTLS auth",
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaClientTLSKey,
|
||||
Description: "Set path to client key",
|
||||
Description: "path to client key for mTLS auth",
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaQueueDir,
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.KafkaQueueLimit,
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
@ -191,158 +229,48 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttTopic,
|
||||
Description: "name of the MQTT topic to publish on, e.g. `minio`",
|
||||
Description: "name of the MQTT topic to publish",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttUsername,
|
||||
Description: "username to connect to the MQTT server",
|
||||
Description: "MQTT username",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttPassword,
|
||||
Description: "password to connect to the MQTT server",
|
||||
Description: "MQTT password",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttQoS,
|
||||
Description: "set the Quality of Service Level for MQTT endpoint",
|
||||
Description: "set the quality of service priority, defaults to '0'",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttKeepAliveInterval,
|
||||
Description: "keep alive interval for MQTT connections",
|
||||
Description: "keep-alive interval for MQTT connections in s,m,h,d",
|
||||
Optional: true,
|
||||
Type: "duration",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttReconnectInterval,
|
||||
Description: "reconnect interval for MQTT connections",
|
||||
Description: "reconnect interval for MQTT connections in s,m,h,d",
|
||||
Optional: true,
|
||||
Type: "duration",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MqttQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
Optional: true,
|
||||
Type: "sentence",
|
||||
},
|
||||
}
|
||||
|
||||
HelpES = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.ElasticURL,
|
||||
Description: "Elasticsearch server's address, with optional authentication info",
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticFormat,
|
||||
Description: "set this to `namespace` or `access`, defaults to 'namespace'",
|
||||
Type: "namespace*|access",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticIndex,
|
||||
Description: "the name of an Elasticsearch index in which MinIO will store document",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
Optional: true,
|
||||
Type: "sentence",
|
||||
},
|
||||
}
|
||||
|
||||
HelpWebhook = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.WebhookEndpoint,
|
||||
Description: "webhook server endpoint e.g. http://localhost:8080/minio/events",
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.WebhookAuthToken,
|
||||
Description: "authorization token used for webhook server endpoint",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.WebhookQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.WebhookQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
Optional: true,
|
||||
Type: "sentence",
|
||||
},
|
||||
}
|
||||
|
||||
HelpRedis = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.RedisAddress,
|
||||
Description: "Redis server's address. For example: `localhost:6379`",
|
||||
Type: "address",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisFormat,
|
||||
Description: "specifies how data is populated, a hash is used in case of `namespace` format and a list in case of `access` format, defaults to 'namespace'",
|
||||
Type: "namespace*|access",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisKey,
|
||||
Description: "name of the Redis key under which events are stored",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisPassword,
|
||||
Description: "Redis server's password",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
@ -357,58 +285,58 @@ var (
|
||||
HelpPostgres = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.PostgresConnectionString,
|
||||
Description: "connection string parameters for the PostgreSQL server",
|
||||
Description: "Postgres server connection-string",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresTable,
|
||||
Description: "DB table name to store/update events, table is auto-created",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresFormat,
|
||||
Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
|
||||
Description: formatComment,
|
||||
Type: "namespace*|access",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresTable,
|
||||
Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresHost,
|
||||
Description: "host name of the PostgreSQL server. Defaults to `localhost`. IPv6 host should be enclosed with `[` and `]`",
|
||||
Description: "Postgres server hostname (used only if `connection_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "hostname",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresPort,
|
||||
Description: "port on which to connect to PostgreSQL server, defaults to `5432`",
|
||||
Description: "Postgres server port, defaults to `5432` (used only if `connection_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "port",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresUsername,
|
||||
Description: "database username, defaults to user running the MinIO process if not specified",
|
||||
Description: "database username (used only if `connection_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresPassword,
|
||||
Description: "database password",
|
||||
Description: "database password (used only if `connection_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresDatabase,
|
||||
Description: "postgres Database name",
|
||||
Description: "database name (used only if `connection_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.PostgresQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
@ -423,58 +351,58 @@ var (
|
||||
HelpMySQL = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.MySQLDSNString,
|
||||
Description: "data source name connection string for the MySQL server",
|
||||
Description: "MySQL data-source-name connection string",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLTable,
|
||||
Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
|
||||
Description: "DB table name to store/update events, table is auto-created",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLFormat,
|
||||
Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
|
||||
Description: formatComment,
|
||||
Type: "namespace*|access",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLHost,
|
||||
Description: "host name of the MySQL server (used only if `dsnString` is empty)",
|
||||
Description: "MySQL server hostname (used only if `dsn_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "hostname",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLPort,
|
||||
Description: "port on which to connect to the MySQL server (used only if `dsn_string` is empty)",
|
||||
Description: "MySQL server port (used only if `dsn_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "port",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLUsername,
|
||||
Description: "database user-name (used only if `dsnString` is empty)",
|
||||
Description: "database username (used only if `dsn_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLPassword,
|
||||
Description: "database password (used only if `dsnString` is empty)",
|
||||
Description: "database password (used only if `dsn_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLDatabase,
|
||||
Description: "database name (used only if `dsnString` is empty)",
|
||||
Description: "database name (used only if `dsn_string` is empty)",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.MySQLQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
@ -494,93 +422,99 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSSubject,
|
||||
Description: "NATS subject that represents this subscription",
|
||||
Description: "NATS subscription subject",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSUsername,
|
||||
Description: "username to be used when connecting to the server",
|
||||
Description: "NATS username",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSPassword,
|
||||
Description: "password to be used when connecting to a server",
|
||||
Description: "NATS password",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSToken,
|
||||
Description: "token to be used when connecting to a server",
|
||||
Description: "NATS token",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSSecure,
|
||||
Description: "set this to 'on', enables TLS secure connections that skip server verification (not recommended)",
|
||||
Key: target.NATSTLS,
|
||||
Description: "set to 'on' to enable TLS",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSTLSSkipVerify,
|
||||
Description: `trust server TLS without verification, defaults to "on" (verify)`,
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSPingInterval,
|
||||
Description: "client ping commands interval to the server, disabled by default",
|
||||
Description: "client ping commands interval in s,m,h,d. Disabled by default",
|
||||
Optional: true,
|
||||
Type: "duration",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSStreaming,
|
||||
Description: "set this to 'on', to use streaming NATS server",
|
||||
Description: "set to 'on', to use streaming NATS server",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSStreamingAsync,
|
||||
Description: "set this to 'on', to enable asynchronous publish, process the ACK or error state",
|
||||
Description: "set to 'on', to enable asynchronous publish",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSStreamingMaxPubAcksInFlight,
|
||||
Description: "specifies how many messages can be published without getting ACKs back from NATS streaming server",
|
||||
Description: "number of messages to publish without waiting for ACKs",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSStreamingClusterID,
|
||||
Description: "unique ID for the NATS streaming cluster",
|
||||
Description: "unique ID for NATS streaming cluster",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSCertAuthority,
|
||||
Description: "certificate chain of the target NATS server if self signed certs were used",
|
||||
Description: "path to certificate chain of the target NATS server",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSClientCert,
|
||||
Description: "TLS Cert used for NATS configured to require client certificates",
|
||||
Description: "client cert for NATS mTLS auth",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSClientKey,
|
||||
Description: "TLS Key used for NATS configured to require client certificates",
|
||||
Description: "client cert key for NATS mTLS auth",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSQueueDir,
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NATSQueueLimit,
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
@ -597,30 +531,108 @@ var (
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NSQTopic,
|
||||
Description: "NSQ topic unique per target",
|
||||
Description: "NSQ topic",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NSQTLS,
|
||||
Description: "set this to 'on', to enable TLS negotiation",
|
||||
Description: "set to 'on' to enable TLS",
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NSQTLSSkipVerify,
|
||||
Description: "set this to 'on', to disable client verification of server certificates",
|
||||
Description: `trust server TLS without verification, defaults to "on" (verify)`,
|
||||
Optional: true,
|
||||
Type: "on|off",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NSQQueueDir,
|
||||
Description: "local directory where events are stored e.g. '/home/events'",
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.NSQQueueLimit,
|
||||
Description: "enable persistent event store queue limit, defaults to '10000'",
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
Optional: true,
|
||||
Type: "sentence",
|
||||
},
|
||||
}
|
||||
|
||||
HelpES = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.ElasticURL,
|
||||
Description: "Elasticsearch server's address, with optional authentication info",
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticIndex,
|
||||
Description: `Elasticsearch index to store/update events, index is auto-created`,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticFormat,
|
||||
Description: formatComment,
|
||||
Type: "namespace*|access",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticQueueDir,
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.ElasticQueueLimit,
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: config.Comment,
|
||||
Description: config.DefaultComment,
|
||||
Optional: true,
|
||||
Type: "sentence",
|
||||
},
|
||||
}
|
||||
|
||||
HelpRedis = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: target.RedisAddress,
|
||||
Description: "Redis server's address. For example: `localhost:6379`",
|
||||
Type: "address",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisKey,
|
||||
Description: "Redis key to store/update events, key is auto-created",
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisFormat,
|
||||
Description: formatComment,
|
||||
Type: "namespace*|access",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisPassword,
|
||||
Description: "Redis server password",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisQueueDir,
|
||||
Description: queueDirComment,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: target.RedisQueueLimit,
|
||||
Description: queueLimitComment,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
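Review bot: In the NATS entries, `target.NATSCertAuthority` is now described as a path but keeps `Type: "string"`, and the new text for `target.NATSClientCert` and `target.NATSClientKey` does not say whether they take a file path or inline PEM. The Kafka equivalents in this same file use `Type: "path"` and the wording "path to client certificate for mTLS auth". Assuming the NATS values are file paths as the CA wording implies, use `Type: "path"` for all three and a description such as `path to client certificate for NATS mTLS auth`, so operators do not paste key material into the config value.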
|
@ -422,7 +422,11 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
|
||||
Value: cfg.ClientKey,
|
||||
},
|
||||
config.KV{
|
||||
Key: target.NATSSecure,
|
||||
Key: target.NATSTLS,
|
||||
Value: config.FormatBool(cfg.Secure),
|
||||
},
|
||||
config.KV{
|
||||
Key: target.NATSTLSSkipVerify,
|
||||
Value: config.FormatBool(cfg.Secure),
|
||||
},
|
||||
config.KV{
|
||||
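Review bot: `target.NATSTLSSkipVerify` is written from `cfg.Secure`, the same field that feeds `target.NATSTLS`, so every migrated target with the legacy setting enabled ends up with server certificate verification disabled. The help text removed elsewhere in this commit described the old key as TLS that skips server verification, so this may be deliberate compatibility, but nothing here says so. Either add a comment such as `// legacy 'secure' meant TLS without server verification; preserved on migration`, or, if verification should be the post-migration default, write `Value: config.EnableOff,` for this key. SetNotifyNATS starts and ends outside this hunk.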
|
@ -85,7 +85,7 @@ func RegisterNotificationTargets(cfg config.Config, doneCh <-chan struct{}, root
|
||||
return nil, err
|
||||
}
|
||||
|
||||
natsTargets, err := GetNotifyNATS(cfg[config.NotifyNATSSubSys])
|
||||
natsTargets, err := GetNotifyNATS(cfg[config.NotifyNATSSubSys], rootCAs)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -840,6 +840,14 @@ var (
|
||||
Key: target.NATSToken,
|
||||
Value: "",
|
||||
},
|
||||
config.KV{
|
||||
Key: target.NATSTLS,
|
||||
Value: config.EnableOff,
|
||||
},
|
||||
config.KV{
|
||||
Key: target.NATSTLSSkipVerify,
|
||||
Value: config.EnableOff,
|
||||
},
|
||||
config.KV{
|
||||
Key: target.NATSCertAuthority,
|
||||
Value: "",
|
||||
@ -852,10 +860,6 @@ var (
|
||||
Key: target.NATSClientKey,
|
||||
Value: "",
|
||||
},
|
||||
config.KV{
|
||||
Key: target.NATSSecure,
|
||||
Value: config.EnableOff,
|
||||
},
|
||||
config.KV{
|
||||
Key: target.NATSPingInterval,
|
||||
Value: "0",
|
||||
@ -888,7 +892,7 @@ var (
|
||||
)
|
||||
|
||||
// GetNotifyNATS - returns a map of registered notification 'nats' targets
|
||||
func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, error) {
|
||||
func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[string]target.NATSArgs, error) {
|
||||
natsTargets := make(map[string]target.NATSArgs)
|
||||
for k, kv := range mergeTargets(natsKVS, target.EnvNATSEnable, DefaultNATSKVS) {
|
||||
enableEnv := target.EnvNATSEnable
|
||||
@ -934,9 +938,14 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
|
||||
return nil, err
|
||||
}
|
||||
|
||||
secureEnv := target.EnvNATSSecure
|
||||
tlsEnv := target.EnvNATSTLS
|
||||
if k != config.Default {
|
||||
secureEnv = secureEnv + config.Default + k
|
||||
tlsEnv = tlsEnv + config.Default + k
|
||||
}
|
||||
|
||||
tlsSkipVerifyEnv := target.EnvNATSTLSSkipVerify
|
||||
if k != config.Default {
|
||||
tlsSkipVerifyEnv = tlsSkipVerifyEnv + config.Default + k
|
||||
}
|
||||
|
||||
subjectEnv := target.EnvNATSSubject
|
||||
@ -989,10 +998,12 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
|
||||
ClientCert: env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
|
||||
ClientKey: env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
|
||||
Token: env.Get(tokenEnv, kv.Get(target.NATSToken)),
|
||||
Secure: env.Get(secureEnv, kv.Get(target.NATSSecure)) == config.EnableOn,
|
||||
TLS: env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn,
|
||||
TLSSkipVerify: env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn,
|
||||
PingInterval: pingInterval,
|
||||
QueueDir: env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
|
||||
QueueLimit: queueLimit,
|
||||
RootCAs: rootCAs,
|
||||
}
|
||||
|
||||
streamingEnableEnv := target.EnvNATSStreaming
|
||||
|
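Review bot: The legacy `secure` key and the `MINIO_NOTIFY_NATS_SECURE` variable are dropped from GetNotifyNATS with no fallback, so a deployment that still sets either one appears to come up with `TLS` false and `Secure` unset, which means a plaintext NATS connection with no error raised. Going by the visible hunks nothing populates `Secure` any more, although connectNats still tests it. Either keep honouring the old name for a release, e.g. `TLS: env.Get(tlsEnv, env.Get(secureEnv, kv.Get(target.NATSTLS))) == config.EnableOn,`, or return an error when the old key or variable is present. Most of GetNotifyNATS lies outside these hunks, so a migration step elsewhere may already cover this.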
@ -23,12 +23,12 @@ var (
|
||||
Help = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: URL,
|
||||
Description: `OPA HTTP API endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
|
||||
Description: `OPA HTTP(s) endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: AuthToken,
|
||||
Description: "authorization token for OPA HTTP API endpoint",
|
||||
Description: "authorization token for OPA endpoint",
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
|
@ -23,44 +23,44 @@ var (
|
||||
Help = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: KMSVaultEndpoint,
|
||||
Description: `HashiCorp Vault API endpoint e.g. "http://vault-endpoint-ip:8200"`,
|
||||
Description: `API endpoint e.g. "http://vault-endpoint-ip:8200"`,
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: KMSVaultKeyName,
|
||||
Description: `transit key name used in vault policy, must be unique name e.g. "my-minio-key"`,
|
||||
Description: `unique transit key name e.g. "my-minio-key"`,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: KMSVaultAuthType,
|
||||
Description: `authentication type to Vault API endpoint e.g. "approle"`,
|
||||
Description: `supported auth type(s) ["approle"], defaults to "approle"`,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: KMSVaultAppRoleID,
|
||||
Description: `unique role ID created for AppRole`,
|
||||
Description: `unique role ID for approle`,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: KMSVaultAppRoleSecret,
|
||||
Description: `unique secret ID created for AppRole`,
|
||||
Description: `unique secret ID for approle`,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: KMSVaultNamespace,
|
||||
Description: `only needed if AppRole engine is scoped to Vault Namespace e.g. "ns1"`,
|
||||
Description: `optional KMS namespace e.g. "customer1"`,
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: KMSVaultKeyVersion,
|
||||
Description: `KMS Vault key version`,
|
||||
Description: `optional key version number`,
|
||||
Optional: true,
|
||||
Type: "number",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: KMSVaultCAPath,
|
||||
Description: `path to PEM-encoded CA cert files to use mTLS authentication (optional) e.g. "/home/user/custom-certs"`,
|
||||
Description: `optional path to PEM-encoded CA certs e.g. "/home/user/custom-certs"`,
|
||||
Optional: true,
|
||||
Type: "path",
|
||||
},
|
||||
|
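Review bot: The endpoint example on KMSVaultEndpoint still uses the `http://` scheme, and this is presumably the address the approle role ID and secret ID from the same block are sent to. Help text tends to be copied verbatim, so the example should show TLS, i.e. `"https://vault-endpoint-ip:8200"`. Separately, the new KMSVaultAuthType text says it defaults to "approle" but the entry carries no `Optional: true`, unlike the other entries worded as optional. The Help literal continues past the end of the hunk.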
@ -23,12 +23,12 @@ var (
|
||||
Help = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: Endpoint,
|
||||
Description: `HTTP logger endpoint e.g. "http://localhost:8080/minio/logs/server"`,
|
||||
Description: `HTTP(s) endpoint e.g. "http://localhost:8080/minio/logs/server"`,
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: AuthToken,
|
||||
Description: "authorization token for logger endpoint",
|
||||
Description: `opaque string or JWT authorization token`,
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
@ -43,12 +43,12 @@ var (
|
||||
HelpAudit = config.HelpKVS{
|
||||
config.HelpKV{
|
||||
Key: Endpoint,
|
||||
Description: `HTTP Audit logger endpoint e.g. "http://localhost:8080/minio/logs/audit"`,
|
||||
Description: `HTTP(s) endpoint e.g. "http://localhost:8080/minio/logs/audit"`,
|
||||
Type: "url",
|
||||
},
|
||||
config.HelpKV{
|
||||
Key: AuthToken,
|
||||
Description: "authorization token for audit logger endpoint",
|
||||
Description: `opaque string or JWT authorization token`,
|
||||
Optional: true,
|
||||
Type: "string",
|
||||
},
|
||||
|
@ -486,13 +486,13 @@ To update the configuration, use `mc admin config get` command to get the curren
|
||||
|
||||
```sh
|
||||
$ mc admin config get myminio/ notify_nats
|
||||
notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" secure="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
|
||||
notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" tls="off" tls_skip_verify="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
|
||||
```
|
||||
|
||||
Use `mc admin config set` command to update the configuration for the deployment.Restart MinIO server to reflect config changes. `bucketevents` is the subject used by NATS in this example.
|
||||
|
||||
```sh
|
||||
$ mc admin config set myminio notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" secure="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
|
||||
$ mc admin config set myminio notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" tls="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
|
||||
```
|
||||
|
||||
MinIO server also supports [NATS Streaming mode](http://nats.io/documentation/streaming/nats-streaming-intro/) that offers additional functionality like `At-least-once-delivery`, and `Publisher rate limiting`. To configure MinIO server to send notifications to NATS Streaming server, update the MinIO server configuration file as follows:
|
||||
|
@ -16,11 +16,11 @@ HTTP target logs to a generic HTTP endpoint in JSON format and is not enabled by
|
||||
Assuming `mc` is already [configured](https://docs.min.io/docs/minio-client-quickstart-guide.html)
|
||||
```
|
||||
mc admin config get myminio/ logger_webhook
|
||||
logger_webhook:target1 auth_token="" endpoint=""
|
||||
logger_webhook:name1 auth_token="" endpoint=""
|
||||
```
|
||||
|
||||
```
|
||||
mc admin config set myminio logger_webhook:target1 auth_token="" endpoint="http://endpoint:port/path"
|
||||
mc admin config set myminio logger_webhook:name1 auth_token="" endpoint="http://endpoint:port/path"
|
||||
mc admin service restart myminio
|
||||
```
|
||||
|
||||
@ -38,11 +38,11 @@ minio server /mnt/data
|
||||
Assuming `mc` is already [configured](https://docs.min.io/docs/minio-client-quickstart-guide.html)
|
||||
```
|
||||
mc admin config get myminio/ audit_webhook
|
||||
audit_webhook:target1 auth_token="" endpoint=""
|
||||
audit_webhook:name1 auth_token="" endpoint=""
|
||||
```
|
||||
|
||||
```
|
||||
mc admin config set myminio audit_webhook:target1 auth_token="" endpoint="http://endpoint:port/path"
|
||||
mc admin config set myminio audit_webhook:name1 auth_token="" endpoint="http://endpoint:port/path"
|
||||
mc admin service restart myminio
|
||||
```
|
||||
|
||||
|
@ -18,6 +18,8 @@ package target
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/url"
|
||||
@ -37,7 +39,8 @@ const (
|
||||
NATSUsername = "username"
|
||||
NATSPassword = "password"
|
||||
NATSToken = "token"
|
||||
NATSSecure = "secure"
|
||||
NATSTLS = "tls"
|
||||
NATSTLSSkipVerify = "tls_skip_verify"
|
||||
NATSPingInterval = "ping_interval"
|
||||
NATSQueueDir = "queue_dir"
|
||||
NATSQueueLimit = "queue_limit"
|
||||
@ -57,7 +60,8 @@ const (
|
||||
EnvNATSUsername = "MINIO_NOTIFY_NATS_USERNAME"
|
||||
EnvNATSPassword = "MINIO_NOTIFY_NATS_PASSWORD"
|
||||
EnvNATSToken = "MINIO_NOTIFY_NATS_TOKEN"
|
||||
EnvNATSSecure = "MINIO_NOTIFY_NATS_SECURE"
|
||||
EnvNATSTLS = "MINIO_NOTIFY_NATS_TLS"
|
||||
EnvNATSTLSSkipVerify = "MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY"
|
||||
EnvNATSPingInterval = "MINIO_NOTIFY_NATS_PING_INTERVAL"
|
||||
EnvNATSQueueDir = "MINIO_NOTIFY_NATS_QUEUE_DIR"
|
||||
EnvNATSQueueLimit = "MINIO_NOTIFY_NATS_QUEUE_LIMIT"
|
||||
@ -80,6 +84,8 @@ type NATSArgs struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
Token string `json:"token"`
|
||||
TLS bool `json:"tls"`
|
||||
TLSSkipVerify bool `json:"tlsSkipVerify"`
|
||||
Secure bool `json:"secure"`
|
||||
CertAuthority string `json:"certAuthority"`
|
||||
ClientCert string `json:"clientCert"`
|
||||
@ -93,6 +99,8 @@ type NATSArgs struct {
|
||||
Async bool `json:"async"`
|
||||
MaxPubAcksInflight int `json:"maxPubAcksInflight"`
|
||||
} `json:"streaming"`
|
||||
|
||||
RootCAs *x509.CertPool `json:"-"`
|
||||
}
|
||||
|
||||
// Validate NATSArgs fields
|
||||
@ -140,8 +148,10 @@ func (n NATSArgs) connectNats() (*nats.Conn, error) {
|
||||
if n.Token != "" {
|
||||
connOpts = append(connOpts, nats.Token(n.Token))
|
||||
}
|
||||
if n.Secure {
|
||||
if n.Secure || n.TLS && n.TLSSkipVerify {
|
||||
connOpts = append(connOpts, nats.Secure(nil))
|
||||
} else if n.TLS {
|
||||
connOpts = append(connOpts, nats.Secure(&tls.Config{RootCAs: n.RootCAs}))
|
||||
}
|
||||
if n.CertAuthority != "" {
|
||||
connOpts = append(connOpts, nats.RootCAs(n.CertAuthority))
|
||||
|
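Review bot: In connectNats the `tls_skip_verify` case takes the `nats.Secure(nil)` branch, which as far as I can tell leaves the client on a default TLS config with certificate verification still on, so the flag's only visible effect is that `n.RootCAs` is not applied. The setting's name and its behaviour should agree: either pass an explicit config in that branch with a comment that server authentication is disabled, or drop the flag. The condition also relies on `&&` binding tighter than `||`; `if n.Secure || (n.TLS && n.TLSSkipVerify) {` reads unambiguously. In the `else if n.TLS` branch, `&tls.Config{RootCAs: n.RootCAs, MinVersion: tls.VersionTLS12}` would set a floor for the protocol version. connectNats starts and ends outside the hunk, and the `nats.RootCAs(n.CertAuthority)` option appended just below may replace the pool set here.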