NATS TLS specify CA and client TLS authentication (#8389)

- added ability to specify CA for self-signed certificates - added option to authenticate using client certificates - added unit tests for nats connections
2025-11-23 02:57:42 -05:00 · 2019-11-15 12:13:23 -05:00
parent 13e2b97ad9
commit c9be601988
13 changed files with 411 additions and 58 deletions
--- a/cmd/config/notify/legacy.go
+++ b/cmd/config/notify/legacy.go
@@ -204,17 +204,20 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
 	}

 	s[config.NotifyNATSSubSys][natsName] = config.KVS{
-		config.State:            config.StateOn,
-		config.Comment:          "Settings for NATS notification, after migrating config",
-		target.NATSAddress:      cfg.Address.String(),
-		target.NATSSubject:      cfg.Subject,
-		target.NATSUsername:     cfg.Username,
-		target.NATSPassword:     cfg.Password,
-		target.NATSToken:        cfg.Token,
-		target.NATSSecure:       config.FormatBool(cfg.Secure),
-		target.NATSPingInterval: strconv.FormatInt(cfg.PingInterval, 10),
-		target.NATSQueueDir:     cfg.QueueDir,
-		target.NATSQueueLimit:   strconv.Itoa(int(cfg.QueueLimit)),
+		config.State:             config.StateOn,
+		config.Comment:           "Settings for NATS notification, after migrating config",
+		target.NATSAddress:       cfg.Address.String(),
+		target.NATSSubject:       cfg.Subject,
+		target.NATSUsername:      cfg.Username,
+		target.NATSPassword:      cfg.Password,
+		target.NATSToken:         cfg.Token,
+		target.NATSCertAuthority: cfg.CertAuthority,
+		target.NATSClientCert:    cfg.ClientCert,
+		target.NATSClientKey:     cfg.ClientKey,
+		target.NATSSecure:        config.FormatBool(cfg.Secure),
+		target.NATSPingInterval:  strconv.FormatInt(cfg.PingInterval, 10),
+		target.NATSQueueDir:      cfg.QueueDir,
+		target.NATSQueueLimit:    strconv.Itoa(int(cfg.QueueLimit)),
 		target.NATSStreaming: func() string {
 			if cfg.Streaming.Enable {
 				return config.StateOn