gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity
4,650 Commits 30 Branches 48 Tags
ocsp-test
Commit Graph

73 Commits

Author SHA1 Message Date
Ivan Kozlovic
23ec1daab5 Bump to beta 16 and ran go mod tidy 
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2021-06-22 11:42:43 -06:00
Derek Collison
9fd5bfcdbf Add in chacha20 and poly1305 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-06-21 19:16:20 -07:00
Jaime Piña
0072107110 Vendor ocsp dep 2021-05-24 10:52:27 -07:00
Derek Collison
41ec9359fc Update client to released version 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-05-06 18:46:32 -06:00
Matthias Hanel
61bf08fd98 [fixed] decorated jwt parsing issue by using same functionality of jwt 
fixes #2069

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-05-04 23:04:51 -04:00
Ivan Kozlovic
38dcc79b3b Release v2.2.2 
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2021-04-22 11:14:09 -06:00
Derek Collison
518ff9be14 Concurrent multiple durable subscribers would cause unpredictable behaviors. 
Upgraded to current Go client.

Signed-off-by: Derek Collison <derek@nats.io>
 2021-04-20 19:50:24 -07:00
Ivan Kozlovic
c2ee75303b Release v2.2.1 
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2021-04-02 16:38:10 -06:00
Matthias Hanel
e390958beb Updated go client for unit tests and fixing test 
One test had a race.
For the other one, the updated go client changed the callback used.s

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-03-30 21:46:39 -04:00
Jaime Piña
6941bb3ade Update Go client in tests 2021-03-30 13:17:34 -07:00
Ivan Kozlovic
0d5b037fc3 Release v2.2.0 
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2021-03-14 19:51:14 -06:00
Matthias Hanel
eb1a91d5b6 [fixed] private import issue by pulling in up to date jwt library 
Also prevent nats based account resolver from storing invalid jwt
Updated compress and highwayhash

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-03-14 19:37:14 -04:00
R.I.Pienaar
236498a142 restore meta peer remove by name rather than id 
Signed-off-by: R.I.Pienaar <rip@devco.net>
 2021-03-03 15:55:50 +01:00
Derek Collison
7c67a9c5cc Update Go client 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-02-28 05:11:01 -08:00
Derek Collison
afea79610a Consumer interest was not properly handled cross cluster. 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-02-18 18:29:59 -08:00
Matthias Hanel
0cae6ab4e7 [added] support for jwt based account mappings (#1897) 
support for jwt based account mappings

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-02-08 17:25:14 -05:00
Matthias Hanel
3799b90011 [Adding] support for account_token_position (#1874) 
This change does 4 things:
Refactor to only have one function to validate imports.
Have this function support the jwt field account_token_position.
For completeness make this value configurable as well.
unit tests.

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-02-01 19:51:36 -05:00
Derek Collison
a9b8948abe Add in tracking for quorum in raft and do auto stepdown. 
Also added in API responses when no leader is present for meta, streams and consumers.

Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-27 13:34:00 -08:00
Matthias Hanel
dea9effa8d [added] support for StrictSigningKeyUsage and updated jwt library (#1845) 
This will cause the server to not trust accounts/user signed by an
identity key

The boot strapping system account will assume the account is issued by
the operator.
If this is not desirable, the system account can be provided right away
as resolver_preload.

[fixes] crash when the system account uses signing keys and an update changes that key set.

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-01-26 17:49:58 -05:00
Derek Collison
9c858d197a Added ability to properly restore consumers from a snapshot. 
This made us add forwarding proposals functionality in the raft layer.
More general cleanup and bug fixes as well.

Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-24 19:30:34 -08:00
Derek Collison
d7cfb8f6e9 Use client version for stream and consumer extended info 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-22 13:11:36 -08:00
Derek Collison
cb69df7118 Add proper support for stream update 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-16 06:29:37 -08:00
Derek Collison
4bfe9d4c24 Fixes to PR. 
Add nats to default storage directory
Fix race in raft, change leader notice
Fix test crash on failure

Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-14 05:56:05 -08:00
Derek Collison
37cf7584bd Merge branch 'master' into jsc 2021-01-14 02:52:35 -07:00
Derek Collison
f0cdf89c61 JetStream Clustering WIP 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-14 01:14:52 -08:00
Matthias Hanel
0ff6252692 Added tests for cfg/jwt based queue restrictions and updated jwt lib 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-01-07 17:30:51 -05:00
Matthias Hanel
d59b074c64 Incorporating review comments 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-01-05 18:45:46 -05:00
Matthias Hanel
592a6447a7 [Added] support for wildcard services and import remapping by JWT. 
Imports in JWT where extended to contain a new filed LocalSubject.
This Change pulls the new JWT library version in.
It was needed as prefix did not exist in the JWT library and the
original field could not be used. The field To has been deprecated.

When LocalSubject is set, service imports can be configured the same way
they are in config. Meaning, no reversal due to the type.

This change also ensures that wildcard references in transforms are only
set in To/LocalSubject. Before, for services, $1 would have to be set in Subject.

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-01-04 14:11:36 -05:00
Alberto Ricart
f09992a889 updated iteration of signing keys (previously a list, now a map). (#1779) 2020-12-17 13:59:18 -07:00
Matthias Hanel
c6daffbfcc [Added] ability to use jwt latency sampling properties headers/share 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-12-16 14:34:09 -05:00
Ivan Kozlovic
a79a4d9834 Updated go mod/vendor due to PR #1737 
The PR #1737 added a new file with an import of "golang.org/x/sys/unix"
but vendor directory was not updated.

Related to #1737

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2020-12-16 12:19:31 -07:00
Derek Collison
3b18f188ed Switched behavior to never refuse new request, and to alert when expiring ones with interest 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-10-21 10:35:29 -07:00
Derek Collison
610d2d21b7 More robust waiting queue for pull mode consumers 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-10-19 19:51:46 -07:00
Matthias Hanel
2bfb8b1227 [Fixed] revocation check for activations used current time instead of jwt issue time 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-10-15 15:36:50 -04:00
Matthias Hanel
387e1e1ee4 [Fixed] revocation check used current time instead of jwt issue time 
Also empty revoked keys once account jwt has no revocations.

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-10-06 21:45:34 -04:00
Matthias Hanel
08e37e0d94 Updated jwt library and check (account/token) issuer prior to jwt Validate 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-09-29 21:03:40 -04:00
Ivan Kozlovic
7ccbaca782 Added an allowed connection type filter for users 
Users and NKey users will now have the option to specify a list
of allowed connection types.

This will allow for instance a certain user to be allowed to
connect as a standard NATS client, but not as Websocket, or
vice-versa.

This also fixes the websocket auth override. Indeed, with
the original behavior, the websocket users would have been bound
to $G, which would not work when there are accounts defined, since
when that is the case, no app can connect/bind to $G account.

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2020-09-16 18:22:44 -06:00
Matthias Hanel
431560b004 Update JWT and incorporate change of cidr ranges from string to array 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-08-27 23:11:54 -04:00
Matthias Hanel
32615b4c71 Update jwtv2 and fix test that embedded jwtv2 operators 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-08-24 11:49:50 -04:00
Derek Collison
06ca580334 Update write deadline, client processing and slow proxy 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-06-30 16:41:01 -07:00
Derek Collison
4dee03b587 Allow mixed TLS and non-TLS on same port 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-06-05 18:04:11 -07:00
Matthias Hanel
cf6fcda75c Added default_permissions to accounts and account jwt 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-06-02 16:06:01 -04:00
Matthias Hanel
2d61507bb7 Moving nats.go unit test and updating go modules 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-06-02 12:44:00 -04:00
Matthias Hanel
547afa47d6 Pulling in updated jwtv2 and using server version stored in operator 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-06-01 18:08:50 -04:00
aricart
38d179c100 updated jwtv2 2020-06-01 18:01:12 -04:00
aricart
e7590f3065 jwt2 testbed 2020-06-01 18:00:13 -04:00
Derek Collison
19cf156d00 go.mod cleanup 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-31 05:46:16 -07:00
Derek Collison
dbde2479c2 Add in headers to consumer delivered messages 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-30 15:03:54 -07:00
Derek Collison
eca04c6fce First pass header support for JetStream 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-30 10:04:23 -07:00
Derek Collison
c9f78d6f79 Fixes post rebasing with master 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-19 16:38:19 -07:00