[FIXED] Gateway's implicit connection not using global user/pass

If a gateway is configured with an authorization block containing username and password and accepts an unknown Gateway connection, when initiating the outbound connection, it should use the gateway authorization's user/pass information. Resolves #1912 Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
2026-04-17 03:24:40 -07:00 · 2021-02-16 10:06:06 -07:00
parent 546f7a9816
commit 8598de6dbe
2 changed files with 43 additions and 2 deletions
--- a/server/gateway.go
+++ b/server/gateway.go
@@ -843,7 +843,7 @@ func (s *Server) createGateway(cfg *gatewayCfg, url *url.URL, conn net.Conn) {
 }

 // Builds and sends the CONNECT protocol for a gateway.
-func (c *client) sendGatewayConnect() {
+func (c *client) sendGatewayConnect(opts *Options) {
 	tlsRequired := c.gw.cfg.TLSConfig != nil
 	url := c.gw.connectURL
 	c.gw.connectURL = nil
@@ -851,6 +851,9 @@ func (c *client) sendGatewayConnect() {
 	if userInfo := url.User; userInfo != nil {
 		user = userInfo.Username()
 		pass, _ = userInfo.Password()
+	} else if opts != nil {
+		user = opts.Gateway.Username
+		pass = opts.Gateway.Password
 	}
 	cinfo := connectInfo{
 		Verbose:  false,
@@ -1000,12 +1003,13 @@ func (c *client) processGatewayInfo(info *Info) {
 			s.gateway.RUnlock()

 			supportsHeaders := s.supportsHeaders()
+			opts := s.getOpts()

 			// Note, if we want to support NKeys, then we would get the nonce
 			// from this INFO protocol and can sign it in the CONNECT we are
 			// going to send now.
 			c.mu.Lock()
-			c.sendGatewayConnect()
+			c.sendGatewayConnect(opts)
 			c.Debugf("Gateway connect protocol sent to %q", gwName)
 			// Send INFO too
 			c.enqueueProto(infoJSON)
--- a/server/gateway_test.go
+++ b/server/gateway_test.go
@@ -6420,3 +6420,40 @@ func TestGatewayTLSConfigReloadForRemote(t *testing.T) {
 	waitForInboundGateways(t, srvB, 1, time.Second)
 	waitForOutboundGateways(t, srvB, 1, time.Second)
 }
+
+func TestGatewayAuthDiscovered(t *testing.T) {
+	SetGatewaysSolicitDelay(5 * time.Millisecond)
+	defer ResetGatewaysSolicitDelay()
+
+	confA := createConfFile(t, []byte(`
+		listen: 127.0.0.1:-1
+		gateway {
+			name: "A"
+			listen: 127.0.0.1:-1
+			authorization: { user: gwuser, password: changeme }
+		}
+	`))
+	defer os.Remove(confA)
+	srvA, optsA := RunServerWithConfig(confA)
+	defer srvA.Shutdown()
+
+	confB := createConfFile(t, []byte(fmt.Sprintf(`
+		listen: 127.0.0.1:-1
+		gateway {
+			name: "B"
+			listen: 127.0.0.1:-1
+			authorization: { user: gwuser, password: changeme }
+			gateways: [
+				{ name: A, url: nats://gwuser:changeme@127.0.0.1:%d }
+			]
+		}
+	`, optsA.Gateway.Port)))
+	defer os.Remove(confB)
+	srvB, _ := RunServerWithConfig(confB)
+	defer srvB.Shutdown()
+
+	waitForInboundGateways(t, srvA, 1, time.Second)
+	waitForOutboundGateways(t, srvA, 1, time.Second)
+	waitForInboundGateways(t, srvB, 1, time.Second)
+	waitForOutboundGateways(t, srvB, 1, time.Second)
+}