diff --git a/internal/config/notify/legacy.go b/internal/config/notify/legacy.go index 39ce33f99..b742a3656 100644 --- a/internal/config/notify/legacy.go +++ b/internal/config/notify/legacy.go @@ -446,6 +446,10 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error Key: target.NATSUsername, Value: cfg.Username, }, + config.KV{ + Key: target.NATSUserCredentials, + Value: cfg.UserCredentials, + }, config.KV{ Key: target.NATSPassword, Value: cfg.Password, diff --git a/internal/config/notify/parse.go b/internal/config/notify/parse.go index 402a37422..ac80e2e34 100644 --- a/internal/config/notify/parse.go +++ b/internal/config/notify/parse.go @@ -946,6 +946,11 @@ func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[s usernameEnv = usernameEnv + config.Default + k } + userCredentialsEnv := target.NATSUserCredentials + if k != config.Default { + userCredentialsEnv = userCredentialsEnv + config.Default + k + } + passwordEnv := target.EnvNATSPassword if k != config.Default { passwordEnv = passwordEnv + config.Default + k @@ -982,21 +987,22 @@ func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[s } natsArgs := target.NATSArgs{ - Enable: true, - Address: *address, - Subject: env.Get(subjectEnv, kv.Get(target.NATSSubject)), - Username: env.Get(usernameEnv, kv.Get(target.NATSUsername)), - Password: env.Get(passwordEnv, kv.Get(target.NATSPassword)), - CertAuthority: env.Get(certAuthorityEnv, kv.Get(target.NATSCertAuthority)), - ClientCert: env.Get(clientCertEnv, kv.Get(target.NATSClientCert)), - ClientKey: env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)), - Token: env.Get(tokenEnv, kv.Get(target.NATSToken)), - TLS: env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn, - TLSSkipVerify: env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn, - PingInterval: pingInterval, - QueueDir: env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)), - QueueLimit: queueLimit, - RootCAs: rootCAs, + Enable: true, + Address: *address, + Subject: env.Get(subjectEnv, kv.Get(target.NATSSubject)), + Username: env.Get(usernameEnv, kv.Get(target.NATSUsername)), + UserCredentials: env.Get(userCredentialsEnv, kv.Get(target.NATSUserCredentials)), + Password: env.Get(passwordEnv, kv.Get(target.NATSPassword)), + CertAuthority: env.Get(certAuthorityEnv, kv.Get(target.NATSCertAuthority)), + ClientCert: env.Get(clientCertEnv, kv.Get(target.NATSClientCert)), + ClientKey: env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)), + Token: env.Get(tokenEnv, kv.Get(target.NATSToken)), + TLS: env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn, + TLSSkipVerify: env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn, + PingInterval: pingInterval, + QueueDir: env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)), + QueueLimit: queueLimit, + RootCAs: rootCAs, } natsArgs.JetStream.Enable = env.Get(jetStreamEnableEnv, kv.Get(target.NATSJetStream)) == config.EnableOn diff --git a/internal/event/target/nats.go b/internal/event/target/nats.go index 415d5b95a..b67ac36b7 100644 --- a/internal/event/target/nats.go +++ b/internal/event/target/nats.go @@ -67,6 +67,7 @@ const ( EnvNATSAddress = "MINIO_NOTIFY_NATS_ADDRESS" EnvNATSSubject = "MINIO_NOTIFY_NATS_SUBJECT" EnvNATSUsername = "MINIO_NOTIFY_NATS_USERNAME" + NATSUserCredentials = "MINIO_NOTIFY_NATS_USER_CREDENTIALS" EnvNATSPassword = "MINIO_NOTIFY_NATS_PASSWORD" EnvNATSToken = "MINIO_NOTIFY_NATS_TOKEN" EnvNATSTLS = "MINIO_NOTIFY_NATS_TLS" @@ -90,22 +91,23 @@ const ( // NATSArgs - NATS target arguments. type NATSArgs struct { - Enable bool `json:"enable"` - Address xnet.Host `json:"address"` - Subject string `json:"subject"` - Username string `json:"username"` - Password string `json:"password"` - Token string `json:"token"` - TLS bool `json:"tls"` - TLSSkipVerify bool `json:"tlsSkipVerify"` - Secure bool `json:"secure"` - CertAuthority string `json:"certAuthority"` - ClientCert string `json:"clientCert"` - ClientKey string `json:"clientKey"` - PingInterval int64 `json:"pingInterval"` - QueueDir string `json:"queueDir"` - QueueLimit uint64 `json:"queueLimit"` - JetStream struct { + Enable bool `json:"enable"` + Address xnet.Host `json:"address"` + Subject string `json:"subject"` + Username string `json:"username"` + UserCredentials string `json:"userCredentials"` + Password string `json:"password"` + Token string `json:"token"` + TLS bool `json:"tls"` + TLSSkipVerify bool `json:"tlsSkipVerify"` + Secure bool `json:"secure"` + CertAuthority string `json:"certAuthority"` + ClientCert string `json:"clientCert"` + ClientKey string `json:"clientKey"` + PingInterval int64 `json:"pingInterval"` + QueueDir string `json:"queueDir"` + QueueLimit uint64 `json:"queueLimit"` + JetStream struct { Enable bool `json:"enable"` } `json:"jetStream"` Streaming struct { @@ -167,6 +169,9 @@ func (n NATSArgs) connectNats() (*nats.Conn, error) { if n.Username != "" && n.Password != "" { connOpts = append(connOpts, nats.UserInfo(n.Username, n.Password)) } + if n.UserCredentials != "" { + connOpts = append(connOpts, nats.UserCredentials(n.UserCredentials)) + } if n.Token != "" { connOpts = append(connOpts, nats.Token(n.Token)) } @@ -211,6 +216,9 @@ func (n NATSArgs) connectStan() (stan.Conn, error) { if n.Streaming.MaxPubAcksInflight > 0 { connOpts = append(connOpts, stan.MaxPubAcksInflight(n.Streaming.MaxPubAcksInflight)) } + if n.UserCredentials != "" { + connOpts = append(connOpts, stan.NatsOptions(nats.UserCredentials(n.UserCredentials))) + } return stan.Connect(n.Streaming.ClusterID, clientID, connOpts...) }