diff --git a/server/jwt.go b/server/jwt.go
index f6ce2960..38a10c22 100644
--- a/server/jwt.go
+++ b/server/jwt.go
@@ -48,23 +48,23 @@ func readOperatorJWT(jwtfile string) (string, *jwt.OperatorClaims, error) {
 }
 defer wipeSlice(contents)
 
- var claim string
+ var theJWT string
 items := nscDecoratedRe.FindAllSubmatch(contents, -1)
 if len(items) == 0 {
- claim = string(contents)
+ theJWT = string(contents)
 } else {
 // First result should be the JWT.
 // We copy here so that if the file contained a seed file too we wipe appropriately.
 raw := items[0][1]
 tmp := make([]byte, len(raw))
 copy(tmp, raw)
- claim = string(tmp)
+ theJWT = string(tmp)
 }
- opc, err := jwt.DecodeOperatorClaims(claim)
+ opc, err := jwt.DecodeOperatorClaims(theJWT)
 if err != nil {
 return "", nil, err
 }
- return claim, opc, nil
+ return theJWT, opc, nil
 }
 
 // Just wipe slice with 'x', for clearing contents of nkey seed file.
diff --git a/server/monitor.go b/server/monitor.go
index 685eb8b3..4bbeb70a 100644
--- a/server/monitor.go
+++ b/server/monitor.go
@@ -992,61 +992,61 @@ func (s *Server) HandleStacksz(w http.ResponseWriter, r *http.Request) {
 
 // Varz will output server information on the monitoring port at /varz.
 type Varz struct {
- ID string `json:"server_id"`
- Name string `json:"server_name"`
- Version string `json:"version"`
- Proto int `json:"proto"`
- GitCommit string `json:"git_commit,omitempty"`
- GoVersion string `json:"go"`
- Host string `json:"host"`
- Port int `json:"port"`
- AuthRequired bool `json:"auth_required,omitempty"`
- TLSRequired bool `json:"tls_required,omitempty"`
- TLSVerify bool `json:"tls_verify,omitempty"`
- IP string `json:"ip,omitempty"`
- ClientConnectURLs []string `json:"connect_urls,omitempty"`
- WSConnectURLs []string `json:"ws_connect_urls,omitempty"`
- MaxConn int `json:"max_connections"`
- MaxSubs int `json:"max_subscriptions,omitempty"`
- PingInterval time.Duration `json:"ping_interval"`
- MaxPingsOut int `json:"ping_max"`
- HTTPHost string `json:"http_host"`
- HTTPPort int `json:"http_port"`
- HTTPBasePath string `json:"http_base_path"`
- HTTPSPort int `json:"https_port"`
- AuthTimeout float64 `json:"auth_timeout"`
- MaxControlLine int32 `json:"max_control_line"`
- MaxPayload int `json:"max_payload"`
- MaxPending int64 `json:"max_pending"`
- Cluster ClusterOptsVarz `json:"cluster,omitempty"`
- Gateway GatewayOptsVarz `json:"gateway,omitempty"`
- LeafNode LeafNodeOptsVarz `json:"leaf,omitempty"`
- JetStream JetStreamVarz `json:"jetstream,omitempty"`
- TLSTimeout float64 `json:"tls_timeout"`
- WriteDeadline time.Duration `json:"write_deadline"`
- Start time.Time `json:"start"`
- Now time.Time `json:"now"`
- Uptime string `json:"uptime"`
- Mem int64 `json:"mem"`
- Cores int `json:"cores"`
- MaxProcs int `json:"gomaxprocs"`
- CPU float64 `json:"cpu"`
- Connections int `json:"connections"`
- TotalConnections uint64 `json:"total_connections"`
- Routes int `json:"routes"`
- Remotes int `json:"remotes"`
- Leafs int `json:"leafnodes"`
- InMsgs int64 `json:"in_msgs"`
- OutMsgs int64 `json:"out_msgs"`
- InBytes int64 `json:"in_bytes"`
- OutBytes int64 `json:"out_bytes"`
- SlowConsumers int64 `json:"slow_consumers"`
- Subscriptions uint32 `json:"subscriptions"`
- HTTPReqStats map[string]uint64 `json:"http_req_stats"`
- ConfigLoadTime time.Time `json:"config_load_time"`
- Tags jwt.TagList `json:"tags,omitempty"`
- OperatorJwt []string `json:"operator_jwt,omitempty"`
- OperatorClaim []*jwt.OperatorClaims `json:"operator_claim,omitempty"`
+ ID string `json:"server_id"`
+ Name string `json:"server_name"`
+ Version string `json:"version"`
+ Proto int `json:"proto"`
+ GitCommit string `json:"git_commit,omitempty"`
+ GoVersion string `json:"go"`
+ Host string `json:"host"`
+ Port int `json:"port"`
+ AuthRequired bool `json:"auth_required,omitempty"`
+ TLSRequired bool `json:"tls_required,omitempty"`
+ TLSVerify bool `json:"tls_verify,omitempty"`
+ IP string `json:"ip,omitempty"`
+ ClientConnectURLs []string `json:"connect_urls,omitempty"`
+ WSConnectURLs []string `json:"ws_connect_urls,omitempty"`
+ MaxConn int `json:"max_connections"`
+ MaxSubs int `json:"max_subscriptions,omitempty"`
+ PingInterval time.Duration `json:"ping_interval"`
+ MaxPingsOut int `json:"ping_max"`
+ HTTPHost string `json:"http_host"`
+ HTTPPort int `json:"http_port"`
+ HTTPBasePath string `json:"http_base_path"`
+ HTTPSPort int `json:"https_port"`
+ AuthTimeout float64 `json:"auth_timeout"`
+ MaxControlLine int32 `json:"max_control_line"`
+ MaxPayload int `json:"max_payload"`
+ MaxPending int64 `json:"max_pending"`
+ Cluster ClusterOptsVarz `json:"cluster,omitempty"`
+ Gateway GatewayOptsVarz `json:"gateway,omitempty"`
+ LeafNode LeafNodeOptsVarz `json:"leaf,omitempty"`
+ JetStream JetStreamVarz `json:"jetstream,omitempty"`
+ TLSTimeout float64 `json:"tls_timeout"`
+ WriteDeadline time.Duration `json:"write_deadline"`
+ Start time.Time `json:"start"`
+ Now time.Time `json:"now"`
+ Uptime string `json:"uptime"`
+ Mem int64 `json:"mem"`
+ Cores int `json:"cores"`
+ MaxProcs int `json:"gomaxprocs"`
+ CPU float64 `json:"cpu"`
+ Connections int `json:"connections"`
+ TotalConnections uint64 `json:"total_connections"`
+ Routes int `json:"routes"`
+ Remotes int `json:"remotes"`
+ Leafs int `json:"leafnodes"`
+ InMsgs int64 `json:"in_msgs"`
+ OutMsgs int64 `json:"out_msgs"`
+ InBytes int64 `json:"in_bytes"`
+ OutBytes int64 `json:"out_bytes"`
+ SlowConsumers int64 `json:"slow_consumers"`
+ Subscriptions uint32 `json:"subscriptions"`
+ HTTPReqStats map[string]uint64 `json:"http_req_stats"`
+ ConfigLoadTime time.Time `json:"config_load_time"`
+ Tags jwt.TagList `json:"tags,omitempty"`
+ TrustedOperatorsJwt []string `json:"trusted_operators_jwt,omitempty"`
+ TrustedOperatorsClaim []*jwt.OperatorClaims `json:"trusted_operators_claim,omitempty"`
 }
 
 // JetStreamVarz contains basic runtime information about jetstream
@@ -1253,13 +1253,13 @@ func (s *Server) createVarz(pcpu float64, rss int64) *Varz {
 TLSVerify: leafTlsVerify,
 Remotes: []RemoteLeafOptsVarz{},
 },
- Start: s.start,
- MaxSubs: opts.MaxSubs,
- Cores: numCores,
- MaxProcs: maxProcs,
- Tags: opts.Tags,
- OperatorJwt: opts.operatorJWT,
- OperatorClaim: opts.TrustedOperators,
+ Start: s.start,
+ MaxSubs: opts.MaxSubs,
+ Cores: numCores,
+ MaxProcs: maxProcs,
+ Tags: opts.Tags,
+ TrustedOperatorsJwt: opts.operatorJWT,
+ TrustedOperatorsClaim: opts.TrustedOperators,
 }
 if len(opts.Routes) > 0 {
 varz.Cluster.URLs = urlsToStrings(opts.Routes)
diff --git a/server/monitor_test.go b/server/monitor_test.go
index c42cccb2..a0512988 100644
--- a/server/monitor_test.go
+++ b/server/monitor_test.go
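Review bot: The new JSON keys `trusted_operators_jwt` and `trusted_operators_claim` in the Varz hunk replace `operator_jwt` and `operator_claim` with no alias, so any /varz consumer or Go caller reading `Varz.OperatorJwt`/`Varz.OperatorClaim` breaks on upgrade; unless the old keys were never in a release, keep them for one release or call the change out in the changelog and monitoring docs. The same rename is applied in the createVarz hunk and in monitor_test.go, which is fine, but the two new exported fields still carry no doc comment. The createVarz hunk shows they are filled from `opts.operatorJWT` and `opts.TrustedOperators`, so a comment such as `// TrustedOperatorsJwt holds the raw operator JWTs this server is configured to trust; TrustedOperatorsClaim holds their decoded claims.` would tell a reader what the endpoint now exposes. The createVarz function starts and ends outside its hunk.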
@@ -3517,16 +3517,16 @@ func TestMonitorOpJWT(t *testing.T) {
 
 for pollMode := 1; pollMode < 2; pollMode++ {
 l := pollVarz(t, sa, pollMode, pollURL, nil)
- if len(l.OperatorJwt) != 1 {
+ if len(l.TrustedOperatorsJwt) != 1 {
 t.Fatalf("Expected one operator jwt")
 }
- if len(l.OperatorClaim) != 1 {
+ if len(l.TrustedOperatorsClaim) != 1 {
 t.Fatalf("Expected one operator claim")
 }
- if l.OperatorJwt[0] != string(theJWT) {
+ if l.TrustedOperatorsJwt[0] != string(theJWT) {
 t.Fatalf("Expected operator to be identical to configuration")
 }
- if !reflect.DeepEqual(l.OperatorClaim[0], claim) {
+ if !reflect.DeepEqual(l.TrustedOperatorsClaim[0], claim) {
 t.Fatal("claims need to be equal")
 }
 }
diff --git a/server/opts.go b/server/opts.go
index 49b15013..ee3e9a77 100644
--- a/server/opts.go
+++ b/server/opts.go
@@ -227,10 +227,8 @@ type Options struct {
 // Operating a trusted NATS server
 TrustedKeys []string `json:"-"`
 TrustedOperators []*jwt.OperatorClaims `json:"-"`
- operatorJWT []string
- AccountResolver AccountResolver `json:"-"`
- AccountResolverTLSConfig *tls.Config `json:"-"`
- resolverPreloads map[string]string
+ AccountResolver AccountResolver `json:"-"`
+ AccountResolverTLSConfig *tls.Config `json:"-"`
 
 CustomClientAuthentication Authentication `json:"-"`
 CustomRouterAuthentication Authentication `json:"-"`
@@ -257,6 +255,10 @@ type Options struct {
 inConfig map[string]bool
 inCmdLine map[string]bool
 
+ // private fields for operator mode
+ operatorJWT []string
+ resolverPreloads map[string]string
+
 // private fields, used for testing
 gatewaysSolicitDelay time.Duration
 routeProto int
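Review bot: The new `// private fields for operator mode` comment in the second opts.go hunk names the group but not what the two fields hold, and `resolverPreloads` is not obviously operator-specific from its name alone. The createVarz hunk publishes `opts.operatorJWT` next to `opts.TrustedOperators` and the test compares index 0 of both against the same configured operator, which suggests (not certain from here) that they are parallel slices; if so, say it on the field: `// operatorJWT holds the raw JWT text for each entry of TrustedOperators, in the same order.`. A one-line comment on `resolverPreloads` stating what its keys and values are would complete the group. The Options struct starts and ends outside both opts.go hunks.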