mirror of
https://github.com/minio/minio.git
synced 2025-01-11 15:03:22 -05:00
NATS TLS specify CA and client TLS authentication (#8389)
- added ability to specify CA for self-signed certificates - added option to authenticate using client certificates - added unit tests for nats connections
This commit is contained in:
parent
13e2b97ad9
commit
c9be601988
@ -145,6 +145,9 @@ var (
|
||||
target.NATSStreamingClusterID: "Unique ID for the NATS streaming cluster",
|
||||
target.NATSQueueLimit: "Enable persistent event store queue limit, defaults to '10000'",
|
||||
target.NATSQueueDir: "Local directory where events are stored eg: '/home/events'",
|
||||
target.NATSCertAuthority: "Certificate chain of the target NATS server if self signed certs were used",
|
||||
target.NATSClientCert: "TLS Cert used to authenticate against NATS configured to require client certificates",
|
||||
target.NATSClientKey: "TLS Key used to authenticate against NATS configured to require client certificates",
|
||||
}
|
||||
|
||||
HelpNSQ = config.HelpKV{
|
||||
|
@ -204,17 +204,20 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
|
||||
}
|
||||
|
||||
s[config.NotifyNATSSubSys][natsName] = config.KVS{
|
||||
config.State: config.StateOn,
|
||||
config.Comment: "Settings for NATS notification, after migrating config",
|
||||
target.NATSAddress: cfg.Address.String(),
|
||||
target.NATSSubject: cfg.Subject,
|
||||
target.NATSUsername: cfg.Username,
|
||||
target.NATSPassword: cfg.Password,
|
||||
target.NATSToken: cfg.Token,
|
||||
target.NATSSecure: config.FormatBool(cfg.Secure),
|
||||
target.NATSPingInterval: strconv.FormatInt(cfg.PingInterval, 10),
|
||||
target.NATSQueueDir: cfg.QueueDir,
|
||||
target.NATSQueueLimit: strconv.Itoa(int(cfg.QueueLimit)),
|
||||
config.State: config.StateOn,
|
||||
config.Comment: "Settings for NATS notification, after migrating config",
|
||||
target.NATSAddress: cfg.Address.String(),
|
||||
target.NATSSubject: cfg.Subject,
|
||||
target.NATSUsername: cfg.Username,
|
||||
target.NATSPassword: cfg.Password,
|
||||
target.NATSToken: cfg.Token,
|
||||
target.NATSCertAuthority: cfg.CertAuthority,
|
||||
target.NATSClientCert: cfg.ClientCert,
|
||||
target.NATSClientKey: cfg.ClientKey,
|
||||
target.NATSSecure: config.FormatBool(cfg.Secure),
|
||||
target.NATSPingInterval: strconv.FormatInt(cfg.PingInterval, 10),
|
||||
target.NATSQueueDir: cfg.QueueDir,
|
||||
target.NATSQueueLimit: strconv.Itoa(int(cfg.QueueLimit)),
|
||||
target.NATSStreaming: func() string {
|
||||
if cfg.Streaming.Enable {
|
||||
return config.StateOn
|
||||
|
@ -707,6 +707,9 @@ var (
|
||||
target.NATSUsername: "",
|
||||
target.NATSPassword: "",
|
||||
target.NATSToken: "",
|
||||
target.NATSCertAuthority: "",
|
||||
target.NATSClientCert: "",
|
||||
target.NATSClientKey: "",
|
||||
target.NATSSecure: config.StateOff,
|
||||
target.NATSPingInterval: "0",
|
||||
target.NATSQueueLimit: "0",
|
||||
@ -795,17 +798,35 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
|
||||
queueDirEnv = queueDirEnv + config.Default + k
|
||||
}
|
||||
|
||||
certAuthorityEnv := target.EnvNATSCertAuthority
|
||||
if k != config.Default {
|
||||
certAuthorityEnv = certAuthorityEnv + config.Default + k
|
||||
}
|
||||
|
||||
clientCertEnv := target.EnvNATSClientCert
|
||||
if k != config.Default {
|
||||
clientCertEnv = clientCertEnv + config.Default + k
|
||||
}
|
||||
|
||||
clientKeyEnv := target.EnvNATSClientKey
|
||||
if k != config.Default {
|
||||
clientKeyEnv = clientKeyEnv + config.Default + k
|
||||
}
|
||||
|
||||
natsArgs := target.NATSArgs{
|
||||
Enable: true,
|
||||
Address: *address,
|
||||
Subject: env.Get(subjectEnv, kv.Get(target.NATSSubject)),
|
||||
Username: env.Get(usernameEnv, kv.Get(target.NATSUsername)),
|
||||
Password: env.Get(passwordEnv, kv.Get(target.NATSPassword)),
|
||||
Token: env.Get(tokenEnv, kv.Get(target.NATSToken)),
|
||||
Secure: env.Get(secureEnv, kv.Get(target.NATSSecure)) == config.StateOn,
|
||||
PingInterval: pingInterval,
|
||||
QueueDir: env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
|
||||
QueueLimit: queueLimit,
|
||||
Enable: true,
|
||||
Address: *address,
|
||||
Subject: env.Get(subjectEnv, kv.Get(target.NATSSubject)),
|
||||
Username: env.Get(usernameEnv, kv.Get(target.NATSUsername)),
|
||||
Password: env.Get(passwordEnv, kv.Get(target.NATSPassword)),
|
||||
CertAuthority: env.Get(certAuthorityEnv, kv.Get(target.NATSCertAuthority)),
|
||||
ClientCert: env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
|
||||
ClientKey: env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
|
||||
Token: env.Get(tokenEnv, kv.Get(target.NATSToken)),
|
||||
Secure: env.Get(secureEnv, kv.Get(target.NATSSecure)) == config.StateOn,
|
||||
PingInterval: pingInterval,
|
||||
QueueDir: env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
|
||||
QueueLimit: queueLimit,
|
||||
}
|
||||
|
||||
streamingEnableEnv := target.EnvNATSStreaming
|
||||
|
@ -32,15 +32,18 @@ import (
|
||||
|
||||
// NATS related constants
|
||||
const (
|
||||
NATSAddress = "address"
|
||||
NATSSubject = "subject"
|
||||
NATSUsername = "username"
|
||||
NATSPassword = "password"
|
||||
NATSToken = "token"
|
||||
NATSSecure = "secure"
|
||||
NATSPingInterval = "ping_interval"
|
||||
NATSQueueDir = "queue_dir"
|
||||
NATSQueueLimit = "queue_limit"
|
||||
NATSAddress = "address"
|
||||
NATSSubject = "subject"
|
||||
NATSUsername = "username"
|
||||
NATSPassword = "password"
|
||||
NATSToken = "token"
|
||||
NATSSecure = "secure"
|
||||
NATSPingInterval = "ping_interval"
|
||||
NATSQueueDir = "queue_dir"
|
||||
NATSQueueLimit = "queue_limit"
|
||||
NATSCertAuthority = "cert_authority"
|
||||
NATSClientCert = "client_cert"
|
||||
NATSClientKey = "client_key"
|
||||
|
||||
// Streaming constants
|
||||
NATSStreaming = "streaming"
|
||||
@ -48,16 +51,19 @@ const (
|
||||
NATSStreamingAsync = "streaming_async"
|
||||
NATSStreamingMaxPubAcksInFlight = "streaming_max_pub_acks_in_flight"
|
||||
|
||||
EnvNATSState = "MINIO_NOTIFY_NATS_STATE"
|
||||
EnvNATSAddress = "MINIO_NOTIFY_NATS_ADDRESS"
|
||||
EnvNATSSubject = "MINIO_NOTIFY_NATS_SUBJECT"
|
||||
EnvNATSUsername = "MINIO_NOTIFY_NATS_USERNAME"
|
||||
EnvNATSPassword = "MINIO_NOTIFY_NATS_PASSWORD"
|
||||
EnvNATSToken = "MINIO_NOTIFY_NATS_TOKEN"
|
||||
EnvNATSSecure = "MINIO_NOTIFY_NATS_SECURE"
|
||||
EnvNATSPingInterval = "MINIO_NOTIFY_NATS_PING_INTERVAL"
|
||||
EnvNATSQueueDir = "MINIO_NOTIFY_NATS_QUEUE_DIR"
|
||||
EnvNATSQueueLimit = "MINIO_NOTIFY_NATS_QUEUE_LIMIT"
|
||||
EnvNATSState = "MINIO_NOTIFY_NATS_STATE"
|
||||
EnvNATSAddress = "MINIO_NOTIFY_NATS_ADDRESS"
|
||||
EnvNATSSubject = "MINIO_NOTIFY_NATS_SUBJECT"
|
||||
EnvNATSUsername = "MINIO_NOTIFY_NATS_USERNAME"
|
||||
EnvNATSPassword = "MINIO_NOTIFY_NATS_PASSWORD"
|
||||
EnvNATSToken = "MINIO_NOTIFY_NATS_TOKEN"
|
||||
EnvNATSSecure = "MINIO_NOTIFY_NATS_SECURE"
|
||||
EnvNATSPingInterval = "MINIO_NOTIFY_NATS_PING_INTERVAL"
|
||||
EnvNATSQueueDir = "MINIO_NOTIFY_NATS_QUEUE_DIR"
|
||||
EnvNATSQueueLimit = "MINIO_NOTIFY_NATS_QUEUE_LIMIT"
|
||||
EnvNATSCertAuthority = "MINIO_NOTIFY_NATS_CERT_AUTHORITY"
|
||||
EnvNATSClientCert = "MINIO_NOTIFY_NATS_CLIENT_CERT"
|
||||
EnvNATSClientKey = "MINIO_NOTIFY_NATS_CLIENT_KEY"
|
||||
|
||||
// Streaming constants
|
||||
EnvNATSStreaming = "MINIO_NOTIFY_NATS_STREAMING"
|
||||
@ -68,17 +74,20 @@ const (
|
||||
|
||||
// NATSArgs - NATS target arguments.
|
||||
type NATSArgs struct {
|
||||
Enable bool `json:"enable"`
|
||||
Address xnet.Host `json:"address"`
|
||||
Subject string `json:"subject"`
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
Token string `json:"token"`
|
||||
Secure bool `json:"secure"`
|
||||
PingInterval int64 `json:"pingInterval"`
|
||||
QueueDir string `json:"queueDir"`
|
||||
QueueLimit uint64 `json:"queueLimit"`
|
||||
Streaming struct {
|
||||
Enable bool `json:"enable"`
|
||||
Address xnet.Host `json:"address"`
|
||||
Subject string `json:"subject"`
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
Token string `json:"token"`
|
||||
Secure bool `json:"secure"`
|
||||
CertAuthority string `json:"certAuthority"`
|
||||
ClientCert string `json:"clientCert"`
|
||||
ClientKey string `json:"clientKey"`
|
||||
PingInterval int64 `json:"pingInterval"`
|
||||
QueueDir string `json:"queueDir"`
|
||||
QueueLimit uint64 `json:"queueLimit"`
|
||||
Streaming struct {
|
||||
Enable bool `json:"enable"`
|
||||
ClusterID string `json:"clusterID"`
|
||||
Async bool `json:"async"`
|
||||
@ -100,6 +109,10 @@ func (n NATSArgs) Validate() error {
|
||||
return errors.New("empty subject")
|
||||
}
|
||||
|
||||
if n.ClientCert != "" && n.ClientKey == "" || n.ClientCert == "" && n.ClientKey != "" {
|
||||
return errors.New("cert and key must be specified as a pair")
|
||||
}
|
||||
|
||||
if n.Streaming.Enable {
|
||||
if n.Streaming.ClusterID == "" {
|
||||
return errors.New("empty cluster id")
|
||||
@ -120,13 +133,23 @@ func (n NATSArgs) Validate() error {
|
||||
|
||||
// To obtain a nats connection from args.
|
||||
func (n NATSArgs) connectNats() (*nats.Conn, error) {
|
||||
options := nats.DefaultOptions
|
||||
options.Url = "nats://" + n.Address.String()
|
||||
options.User = n.Username
|
||||
options.Password = n.Password
|
||||
options.Token = n.Token
|
||||
options.Secure = n.Secure
|
||||
return options.Connect()
|
||||
connOpts := []nats.Option{nats.Name("Minio Notification")}
|
||||
if n.Username != "" && n.Password != "" {
|
||||
connOpts = append(connOpts, nats.UserInfo(n.Username, n.Password))
|
||||
}
|
||||
if n.Token != "" {
|
||||
connOpts = append(connOpts, nats.Token(n.Token))
|
||||
}
|
||||
if n.Secure {
|
||||
connOpts = append(connOpts, nats.Secure(nil))
|
||||
}
|
||||
if n.CertAuthority != "" {
|
||||
connOpts = append(connOpts, nats.RootCAs(n.CertAuthority))
|
||||
}
|
||||
if n.ClientCert != "" && n.ClientKey != "" {
|
||||
connOpts = append(connOpts, nats.ClientCert(n.ClientCert, n.ClientKey))
|
||||
}
|
||||
return nats.Connect(n.Address.String(), connOpts...)
|
||||
}
|
||||
|
||||
// To obtain a streaming connection from args.
|
||||
|
138
pkg/event/target/nats_test.go
Normal file
138
pkg/event/target/nats_test.go
Normal file
@ -0,0 +1,138 @@
|
||||
/*
|
||||
* MinIO Cloud Storage, (C) 2019 MinIO, Inc.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package target
|
||||
|
||||
import (
|
||||
"path"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
xnet "github.com/minio/minio/pkg/net"
|
||||
natsserver "github.com/nats-io/nats-server/v2/test"
|
||||
)
|
||||
|
||||
func TestNatsConnPlain(t *testing.T) {
|
||||
opts := natsserver.DefaultTestOptions
|
||||
opts.Port = 14222
|
||||
s := natsserver.RunServer(&opts)
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
}
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
||||
func TestNatsConnUserPass(t *testing.T) {
|
||||
opts := natsserver.DefaultTestOptions
|
||||
opts.Port = 14223
|
||||
opts.Username = "testminio"
|
||||
opts.Password = "miniotest"
|
||||
s := natsserver.RunServer(&opts)
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Username: opts.Username,
|
||||
Password: opts.Password,
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
||||
func TestNatsConnToken(t *testing.T) {
|
||||
opts := natsserver.DefaultTestOptions
|
||||
opts.Port = 14223
|
||||
opts.Authorization = "s3cr3t"
|
||||
s := natsserver.RunServer(&opts)
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Token: opts.Authorization,
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
||||
func TestNatsConnTLSCustomCA(t *testing.T) {
|
||||
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls.conf"))
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Secure: true,
|
||||
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
||||
func TestNatsConnTLSClientAuthorization(t *testing.T) {
|
||||
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls_client_cert.conf"))
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Secure: true,
|
||||
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
|
||||
ClientCert: path.Join("testdata", "certs", "nats_client_cert.pem"),
|
||||
ClientKey: path.Join("testdata", "certs", "nats_client_key.pem"),
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
19
pkg/event/target/testdata/certs/nats_client_cert.pem
vendored
Normal file
19
pkg/event/target/testdata/certs/nats_client_cert.pem
vendored
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFTCCAf0CFHzIPe2CTpos6fYYVcZD4xAMYD0FMA0GCSqGSIb3DQEBCwUAMEox
|
||||
CzAJBgNVBAYTAkNBMRMwEQYDVQQIDApTb21lLVN0YXRlMQ4wDAYDVQQKDAVNaW5p
|
||||
bzEWMBQGA1UECwwNTWluaW8gUm9vdCBDQTAgFw0xOTEwMTEyMDE4NTJaGA8yMTE5
|
||||
MDkxNzIwMTg1MlowQjELMAkGA1UEBhMCQ0ExDjAMBgNVBAoMBU1pbmlvMQ8wDQYD
|
||||
VQQLDAZDbGllbnQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBANsLgS7C0BDsfhWQVyuFGrpl9IWGyAQvSECzepdvxcUz
|
||||
CJ5QTSjtMq+2XbkozsmJ0WKtXY+c2vYuNMcthfNzLmn8KMxDoCqMwLXNMO8lLuF5
|
||||
94pH0DmTvEngjEDIOPM9aNbfmLU9Lbeiplkjt0izYObg+MzsTS0lIR2yKtSoVFOV
|
||||
zzSGRvMfUO/rOlRgBio9Hhx8fL0cckr7SzwJcYtttr+1cySNkGVI8/E5Pe0T3fVW
|
||||
7kiCHtUbbST0sQWorDDMkwTYyd2TvB8B8BzfSRNUavnb37bp8woqJottYXXEcLff
|
||||
HL7kOhnmqvOSLSnG9ynF+WlE7ZykHw+VsIrRsl/5NwkCAwEAATANBgkqhkiG9w0B
|
||||
AQsFAAOCAQEASfRN6esWr68ieeODFuiyhMaZ3kHKWiyvT3MDrFPcBgTIbi4CvFmb
|
||||
+ynT7aDKxBpO8Ttl208QyLZxn9YeiFCZVVy8+o1JaQd30cjewX6A9dCd16yi3lva
|
||||
tbVLVl+pJqKwr/wdEwrJ23bUYpFNrex38dxaRUOQ4Zaj6QzCXvB+IR/RvYZ2U23o
|
||||
pW0BEYdi+V3M0tuAvmX4NOrLvGUF1D93WRQuiueaMF8yNhiwuT/eCcpct3FLqacC
|
||||
+NvdK0aiBdUgDvdA7OroXy0Ow768wHpLvfsxqepiXXK/9748hMQxgeaUzDE6SRFF
|
||||
FqgnBuFgIu4MH7ki1EnH+KekFepsPF7BIA==
|
||||
-----END CERTIFICATE-----
|
27
pkg/event/target/testdata/certs/nats_client_key.pem
vendored
Normal file
27
pkg/event/target/testdata/certs/nats_client_key.pem
vendored
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEA2wuBLsLQEOx+FZBXK4UaumX0hYbIBC9IQLN6l2/FxTMInlBN
|
||||
KO0yr7ZduSjOyYnRYq1dj5za9i40xy2F83MuafwozEOgKozAtc0w7yUu4Xn3ikfQ
|
||||
OZO8SeCMQMg48z1o1t+YtT0tt6KmWSO3SLNg5uD4zOxNLSUhHbIq1KhUU5XPNIZG
|
||||
8x9Q7+s6VGAGKj0eHHx8vRxySvtLPAlxi222v7VzJI2QZUjz8Tk97RPd9VbuSIIe
|
||||
1RttJPSxBaisMMyTBNjJ3ZO8HwHwHN9JE1Rq+dvftunzCiomi21hdcRwt98cvuQ6
|
||||
Geaq85ItKcb3KcX5aUTtnKQfD5WwitGyX/k3CQIDAQABAoIBACrO7Mg+unsUPO/p
|
||||
7Z9LvBWBp3ARDzYCJ5S9fs/pwDTx7FVETFAbSzSb52UwXHl2vb0TNJ3EgeZq0VW7
|
||||
x9n0QLXl2fNRpBOsvlzJZS7XjXnzZDVaI4+dF8c4YzCl8LtY3QxhVm7VLgIdf3Uc
|
||||
Tc2fgOiePwGNjOetwfMTxtsYqqJK4Ang/nop6WIZtJxlq/H4D/OueDScv8yM96WP
|
||||
Lb+5YMrlTtA79TTn44hdd/IVJBV74UK335bWaV2gqop/r/kymYcmIS6eQ8Fx8Au8
|
||||
FhqjL38r6H5mnyH/euBJDf+B9aPej44m093j/gy8C6PFdVHXOw4h3su+RJkV7J+x
|
||||
JzSCYiECgYEA/0e1h7XVHVjRI/hzlpZlHomw4SYXc1R5DBljsD+0baNWdgwShdiA
|
||||
qZyhVl1/WJEK6r+tT/a0rGcIz1CkjPvjOf66+FVwukqp4UDdeZA28CC6GvbAlBW7
|
||||
Gz3wWjbC3quR8OCcGbNrRIUegeN3KxIpyzTXKv2PRUnkkj2z2+clf1sCgYEA26mj
|
||||
AiynCFZH2DIk36y1Qvn2Yh/LgO+JrZNmh0YlDENstLXEU5tkLyRxhbYDsDFKHr7a
|
||||
1pHZZa2SLKMQEKNZ3OgP5osvl4BxSt5SrusGQHACb1FeWN3BdIWI5S0ZIgBih46G
|
||||
IKA1ce4CnLo3oWm1L9tEFnTtMEqEtkECMnYTtGsCgYAsDgYH65thuygsmv3nqQC+
|
||||
ami6EkbNwnA5ZFBN5FCQ8zVCnga8Toa1vrAhJXWKpU1LAdU5DYxUjFt626HqKrYm
|
||||
Fg3SOXyAyc3Tb8xI5Fh2zE8RxC+r3qwxoVjPWM/8eYNwHHMUBGCorIh9RfIU3seT
|
||||
qATSCHwnKv9lNXzKoHNaLQKBgGURdkkn1mrFmCTnXYP06Sm57R1U18Opc0WEDqar
|
||||
JZyw4TF8eKqnUr9GG12UU7ob06i10+bqEIbyB9G17UxafJxhwf8nh2xD0tzJ0m1d
|
||||
AfFgGB6z558n2T0Nu+EGkQvN9Ye9kgUs8apMArOuEq6X/p/YWUmj3wZbIxjgbGxf
|
||||
W82lAoGATTwJCXE6y+D5Vc5I9BTPgJd6Wg/6n+BAmadt3lG/VbPxndQBudCNii0Z
|
||||
C7uyMrbK0RVY+DZAFuZWLskIoU+t82HgIsQNAH5KPz27PCWq+DznrARp+maKXj5f
|
||||
f5Vsvz6KBzM8Lnts3m20AYcRP4meBa6HNHLnYGedTbRLKYobOgg=
|
||||
-----END RSA PRIVATE KEY-----
|
19
pkg/event/target/testdata/certs/nats_server_cert.pem
vendored
Normal file
19
pkg/event/target/testdata/certs/nats_server_cert.pem
vendored
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFTCCAf0CFHzIPe2CTpos6fYYVcZD4xAMYD0EMA0GCSqGSIb3DQEBCwUAMEox
|
||||
CzAJBgNVBAYTAkNBMRMwEQYDVQQIDApTb21lLVN0YXRlMQ4wDAYDVQQKDAVNaW5p
|
||||
bzEWMBQGA1UECwwNTWluaW8gUm9vdCBDQTAgFw0xOTEwMTEyMDE1NTRaGA8yMTE5
|
||||
MDkxNzIwMTU1NFowQjELMAkGA1UEBhMCQ0ExDjAMBgNVBAoMBU1pbmlvMQ8wDQYD
|
||||
VQQLDAZTZXJ2ZXIxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBAMxbKHUPlW4wIX0G45jRG84o5viXtu7E044QpTGwDS+u
|
||||
KCG3w4pWUwnor/uCjkzKSmg+6Sx/889de7QySPwt4TA+F7qy7TrUnIUiaVFcPmeQ
|
||||
YsI68JM857nk4ScxK4C4NzJ78DlQreyPwIMx4rAGfEZpdQbAE0LWyOJ9rfMK1uF/
|
||||
PFdyNKOUw/fy5iA/DOUeoUqFATIjj5KUWojnt9QZ+M1pGbQsLWc7fzDuavVrAvR7
|
||||
wt386bayzLftzHr6rLWWzPoA70ltzvu6JxKU5xZSY5nA2Pip+le6q997+Sm5Dt5L
|
||||
VZuSTzjKVNDV9l329eZJnozROdlSURVvg6fK5J8vUIsCAwEAATANBgkqhkiG9w0B
|
||||
AQsFAAOCAQEAg6kLnBrjT4agClF94Rc2y6fOTWWzz7C4Ao6iQp3Tcr/YraY7FEEM
|
||||
kkZT0osn1JSvut9f2gy2py3+FLAk4OdAt9NBIpjIMDmbIyiQYw+2w3IHJYwdHBXj
|
||||
HapyjU2zFQvD6PNUUV4YukR28MmMk0UEizXxkEDm+Qf5t4Bpnv7tFiysMWmA6cCJ
|
||||
1fvGOtCPazi0hZc0VkfTnl5OY/Msi+sYCh4gnCqYWICszMm37QKOJrJbY8mTSzAk
|
||||
p/0dxAUDDKTuf+UPDqJ2I6o9/XEEwmPGOFovoS9iQhdyWWonRDL3+gCeE2cxEeu5
|
||||
QEOwxMQz08XRSsgxag9R3tcywXbaamgQYw==
|
||||
-----END CERTIFICATE-----
|
27
pkg/event/target/testdata/certs/nats_server_key.pem
vendored
Normal file
27
pkg/event/target/testdata/certs/nats_server_key.pem
vendored
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAzFsodQ+VbjAhfQbjmNEbzijm+Je27sTTjhClMbANL64oIbfD
|
||||
ilZTCeiv+4KOTMpKaD7pLH/zz117tDJI/C3hMD4XurLtOtSchSJpUVw+Z5Biwjrw
|
||||
kzznueThJzErgLg3MnvwOVCt7I/AgzHisAZ8Rml1BsATQtbI4n2t8wrW4X88V3I0
|
||||
o5TD9/LmID8M5R6hSoUBMiOPkpRaiOe31Bn4zWkZtCwtZzt/MO5q9WsC9HvC3fzp
|
||||
trLMt+3MevqstZbM+gDvSW3O+7onEpTnFlJjmcDY+Kn6V7qr33v5KbkO3ktVm5JP
|
||||
OMpU0NX2Xfb15kmejNE52VJRFW+Dp8rkny9QiwIDAQABAoIBABPVsTqTdaSJRWbW
|
||||
OVcGzNUYwTpVt2q7bfE3CmGlPdJn6/tB09fkgxDOJe6agGdRpyExIf6wuKBi6XPX
|
||||
AaCAb3/4NuNnJIF2S27cpS5BbsksiXlisSEJY1B2t6fPLPLEbo8W2n0lqIvyc/QH
|
||||
7oG5T2yiJbqu/++X202ody7E2ZBvVXgwjBJuzxeQ9PPiPyjH2lAgciA0HtmXiHSj
|
||||
pIz6V6XmN5CkyawvExA3F1wxIxf2CNRHLpls/DFGkVIz6pUlleKe7fBKVqeLuwnd
|
||||
Lnjt9lrCrEozXcwUQnw5KVccB2+0xU8pIl78tPf9EHOHf5Bx1WCFl/YL5qEmfSsL
|
||||
x3WM/WkCgYEA+7wdzK2M3LSJ6tat+eM9DT8bqSFhFAA41Jv1UdhTJZb8AKPs+6wX
|
||||
13rUcjTnSI75KqApGaIbe3dF7640VmD9eyLNkc2SHr/yNPKV96sEiWk7TVgIWa0J
|
||||
vBqPB9UWrkzqBov5VJEpeKlKuCCZGOxN7nkMtH93XmX9Nm3BxmMCQ8cCgYEAz9GK
|
||||
FS1pwjj8DpyLW5GEFbcwGugkb/4ebc/OK4W93YvAYwoyJF7oSI9WzKG/R5Ko/0G7
|
||||
ESHt0d2pfRDR5XCkoJee4MFFIheLeVM4HDUoIY42I7gl/op+H9fGSNplBYDpVk7O
|
||||
FNl9NFgUDytMbuh14SmAU3Yc7EjGruFgoZUPRR0CgYEAimwNos/HxlDMCcMUlXT7
|
||||
zD3oct7056+bkGVVxzSBvAjC94MsO9OMpKNZEJfAmehsYKEDGKJIJGMYpMwQ4XKh
|
||||
z8T6bvMwJxJ7F9xQ1IhIjVq9DjGbHdyFntan0bG9sAiBIypy5qqPuFa2zHq4VLkT
|
||||
vU74yoPQ2qqQSw6dX/5vb18CgYEAnLlZeT8WUvLGo/5K2nOTOQ09qg0H7a2nJQli
|
||||
YlAqL7oFDKvTxLoOUypGO2x/5GomKNpZSUJdJ7gS6c6VfILGpJWzq6wVhvBartSj
|
||||
rCIqcaPeEHH/tUacd0cysh6BsPTXA8/Kes7KLX9/ITF2Iu4MeBHkRQz+IvN/YsN1
|
||||
LGZNbcECgYAqWDnPa2GwFOgTrVwB1AfsCD1PVhSM+AnWnL7avHwD6WIDKB5qb9Ip
|
||||
cF83o5bhLrLYVlpZNI1ESKgONyWlYOssBNb0KP51kgkBbtr+5qcCFoKzf5inyve2
|
||||
MTE1g+maOLtfRaVrlsGcirWSZdIk8dQmDX8nNM+Rg5hahF2l0/zopg==
|
||||
-----END RSA PRIVATE KEY-----
|
21
pkg/event/target/testdata/certs/root_ca_cert.pem
vendored
Normal file
21
pkg/event/target/testdata/certs/root_ca_cert.pem
vendored
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDdzCCAl+gAwIBAgIUTuCjkiDWaSa3X747ybs/SnZ6aHQwDQYJKoZIhvcNAQEL
|
||||
BQAwSjELMAkGA1UEBhMCQ0ExEzARBgNVBAgMClNvbWUtU3RhdGUxDjAMBgNVBAoM
|
||||
BU1pbmlvMRYwFAYDVQQLDA1NaW5pbyBSb290IENBMCAXDTE5MTAxMTE5NTIxOFoY
|
||||
DzIxMTkwOTE3MTk1MjE4WjBKMQswCQYDVQQGEwJDQTETMBEGA1UECAwKU29tZS1T
|
||||
dGF0ZTEOMAwGA1UECgwFTWluaW8xFjAUBgNVBAsMDU1pbmlvIFJvb3QgQ0EwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDAOyo76TMpltNUXiRAGaxaVMG
|
||||
E2cf/JudJ+2ve7lxXo1Zz9PaJUOa5wl2b5ebwhXYP7lxdRRz488TfM4YmAm1fkgS
|
||||
fhBHP337aeUCeW4mybv7P0jBDHYasiDy92YqX5tv2zPifRaoQ/jkUmEyY29VdTQq
|
||||
LyuUCo4hmY3tO5daXN+x9DdnZj8VDkC235UpEe9vgvtY62m7w+guV/XdwKBvQKpa
|
||||
248qaqUxvJ8l9sXCnLjNMWwm/6ZpPPcQvYW95P2bhwGH8KrdKeSutW8vVeUa2DN+
|
||||
E7QsEopVvg48t/dSVol9xXVQ2QMlNYBsrPQS04GX3aakVREI0r/krRl11Kf7AgMB
|
||||
AAGjUzBRMB0GA1UdDgQWBBQtvCicVaNfZaLEXW7sgZYlTyjuuzAfBgNVHSMEGDAW
|
||||
gBQtvCicVaNfZaLEXW7sgZYlTyjuuzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQC9LflSKc6l8j280aTQyjjTdMysmKqb8Rs7dtSSaFXQK9nuzOhD
|
||||
FGtahhsJFv/GnUu0weZoEMYySeNzaUoW0ICc3+iI2KMWcUlF/K3/P47tYrVMGJKW
|
||||
YbuUS7lTxtra9xbFhxGCF8NwM6JG9TrP7JT9b/tn2Xb+UNsxWTH8pf1plusiOvQl
|
||||
2JFc+BJzhooLP9sK0YGrb7i3CdQj5QcZjxVCDKAuosvMY/shoW4aEIEECSEtJ9mY
|
||||
Rrfft0bOQ7ZKhDgu2ou+lyeyyWFS/19wr5LMvy+lUYG9H100peCpv5tHdGUF1lLR
|
||||
m4g6eQK57EI6BoPpNomYtXkoRKP9MXiZ7InC
|
||||
-----END CERTIFICATE-----
|
27
pkg/event/target/testdata/certs/root_ca_key.pem
vendored
Normal file
27
pkg/event/target/testdata/certs/root_ca_key.pem
vendored
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAwwDsqO+kzKZbTVF4kQBmsWlTBhNnH/ybnSftr3u5cV6NWc/T
|
||||
2iVDmucJdm+Xm8IV2D+5cXUUc+PPE3zOGJgJtX5IEn4QRz99+2nlAnluJsm7+z9I
|
||||
wQx2GrIg8vdmKl+bb9sz4n0WqEP45FJhMmNvVXU0Ki8rlAqOIZmN7TuXWlzfsfQ3
|
||||
Z2Y/FQ5Att+VKRHvb4L7WOtpu8PoLlf13cCgb0CqWtuPKmqlMbyfJfbFwpy4zTFs
|
||||
Jv+maTz3EL2FveT9m4cBh/Cq3SnkrrVvL1XlGtgzfhO0LBKKVb4OPLf3UlaJfcV1
|
||||
UNkDJTWAbKz0EtOBl92mpFURCNK/5K0ZddSn+wIDAQABAoIBABcVbu54n9uR/dDj
|
||||
ShBwKbfqredUOKryrkEmTt6tGMCw3q65CW0TaDNYEiixARNxIEDfGkayA1/MoeC+
|
||||
r2794HhZoJJ/1dF5VKKEYJWwZje1Pcl6LlSb8wcp+viIDNILS00sd7Hh+OKmWTo9
|
||||
/j+GwdEt9KThvJjjvvt/P+vLWBlcHD2zKFJnq826jKFESkUkY8P6e0cRzOuwGY+E
|
||||
LYXAwZC+j7wS3c7tW7PyhGAXkTxohtNNYZ6vOGnGetnTxQDICZ9hCIZMA+7hrtK8
|
||||
TAGWtWvwx/5SgEl2+b7M0q70I/2LQSB4ACgOfkhm38z7FwqkvTMl9YhR8E4qvZsZ
|
||||
2fv4hoECgYEA5GG8W1H82Z8fxY4AMKwbvlZ5pZGuIwwm+ABsg5BlSMfXZS2APJuP
|
||||
wUUOW2gcjDXq/m+7HphgJADpkf+j6NhTks2gWF32VPCfp1EnxOrjOkrZqtBcud+A
|
||||
1d0HeWvUMYl4iq9+3haILyfN4nQkFeYO1X0wD2kgrEeIkgipjG//tlsCgYEA2pXd
|
||||
PvXugREkt+HladpCQXPnxHgS+QZuPNBYcDFMlOpC6RdcLzDWcqGzmYROM9/sbI+c
|
||||
0H3l9ROOkqkA1jq8K2apOKmH9NBOZAaIfi+A450rnJK0trhMsuUgY/xrj+BBO1Vm
|
||||
LrAIJ6TMpp8DntO/EVitLBwjR6WrM4pUB9kRxuECgYEA3vEp1luq4SYc9dUxClJ4
|
||||
os334lDcFQp/4AlJ5QTIWsv60KIiVQfmxVyML17qv1TDGa4olC1bbMoXOJa9g0fq
|
||||
DZz9skXHehOLRuJKWEiTmQwIgF72pdwxAJTL/xPsCI+SRJAc4OBOAPpyWWXW9Cmo
|
||||
wW97ww90/bi28RfTq2yJy5ECgYARPXq6yYjrMx/zROTkSWuqX+rqyxGsBH7TWxdu
|
||||
meTRZfyrB8WkjzSKzAgvVokYfFPYaCdVJmjpwIYhOSUwwGcxASLdrjlj7L4SE5XW
|
||||
ZgbDbRUQf12zf6vE/F9mo3UUXvqmJGEv04CBJ/VgOvB9KXRLePQHo5yAvSdYpFNm
|
||||
Xw+Q4QKBgHbV9YV+b1D+8SKNgpCZcrgTmvXIS4ibHdIYT2cxqGbkYS9T1UuJ1kWd
|
||||
PBeeYsF3CeCBi1PGKI9eYO85W0aS3fZyrekBOyOVDUqQNpXQPQVdCZtB1l6dtRbD
|
||||
3hARd9eQ1Gq1XofKX6Lbc+7tQcmZbAKJbr3JjHJMDUORYk+o8hdK
|
||||
-----END RSA PRIVATE KEY-----
|
7
pkg/event/target/testdata/nats_tls.conf
vendored
Normal file
7
pkg/event/target/testdata/nats_tls.conf
vendored
Normal file
@ -0,0 +1,7 @@
|
||||
port: 14225
|
||||
net: localhost
|
||||
|
||||
tls {
|
||||
cert_file: "./testdata/certs/nats_server_cert.pem"
|
||||
key_file: "./testdata/certs/nats_server_key.pem"
|
||||
}
|
18
pkg/event/target/testdata/nats_tls_client_cert.conf
vendored
Normal file
18
pkg/event/target/testdata/nats_tls_client_cert.conf
vendored
Normal file
@ -0,0 +1,18 @@
|
||||
port: 14226
|
||||
net: localhost
|
||||
|
||||
tls {
|
||||
cert_file: "./testdata/certs/nats_server_cert.pem"
|
||||
key_file: "./testdata/certs/nats_server_key.pem"
|
||||
ca_file: "./testdata/certs/root_ca_cert.pem"
|
||||
verify_and_map: true
|
||||
}
|
||||
authorization {
|
||||
ADMIN = {
|
||||
publish = ">"
|
||||
subscribe = ">"
|
||||
}
|
||||
users = [
|
||||
{user: "CN=localhost,OU=Client,O=Minio,C=CA", permissions: $ADMIN}
|
||||
]
|
||||
}
|
Loading…
Reference in New Issue
Block a user