Changed account lookup and validation failures to be more understandable by users.
Changed limits to be -1 for unlimited to match jwt pkg.
The limits changed exposed problems with options holding real objects causing issues with reload tests under race mode.
Longer term this code should be reworked such that options only hold config data, not real structs, etc.
Signed-off-by: Derek Collison <derek@nats.io>
When a TLS timeout occurs, it was possible that code trying to
send data would get a timeout error and report it as a Slow Consumer
with the write deadline exceeded error.
Checking that if the connection is TLS and handshake not complete,
it is likely a TLS timeout error instead.
Resolves#835
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
Although Gateways reload is not supported at the moment, I had
to add the trap in the switch statement because it would find
a difference. The reason is the TLSConfig object that is likely
to not pass the reflect.DeepEqual test. So for now, I exclude this
from the deep equal test and fail the reload only if the user
has explicitly changed the configuration.
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
Removed the code getting matching subscriptions and trying
to exclude non internal interest since as soon as there is
routing and/or gateway, it is likely that server would end-up
generating the payload and sending. May need to revisit.
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
Added update to parse and load operator JWTs.
Changed to add in signing keys from operator JWT to list of trusted keys.
Added URL account resolver.
Added account claim updates by system messages.
Signed-off-by: Derek Collison <derek@nats.io>
Specifically this is to support distributed tracking of number of account connections across clusters.
Gateways may not work yet based on attempts to only generate payloads when we know there is outside interest.
Signed-off-by: Derek Collison <derek@nats.io>
We can't use a simple sync.Map here because the noInterest map
for inbound gateway connections are used concurrently. Indeed,
whenever an account would have been registered or a new sub created
this could trigger an update of that map in order to clear the
fact that we had sent an A-/RS- and now are sending an A+/RS+.
So changed to simple map but protected by gw connection's lock.
Without this change, server would panic if there are messages
published to cluster A that are sent to server B while a sub
is then created on matching subject on B.
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
Need to make sure message is received before unsub'ing because
otherwise it would be possible that the unsub happens before
message is delivered, which would have resulted in an RS- while
we were expecting the message to not cause one.
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
