gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
7de3568f3990760fdbc23d92f317d0a22a9cb640
nats-server/server/configs/authorization.conf
Derek Collison 495a1a7ec3 Allow dynamic publish permissions based on reply subjects of received msgs 
Signed-off-by: Derek Collison <derek@nats.io>
2019-07-25 13:17:26 -07:00

51 lines
1.3 KiB
Plaintext
Raw Blame History

listen: 127.0.0.1:4222
authorization {
# Our role based permissions.
# Superuser can do anything.
super_user = {
publish = "*"
subscribe = ">"
}
# Can do requests on foo or bar, and subscribe to anything
# that is a response to an _INBOX.
#
# Notice that authorization filters can be singletons or arrays.
req_pub_user = {
publish = ["req.foo", "req.bar"]
subscribe = "_INBOX.>"
}
# Setup a default user that can subscribe to anything, but has
# no publish capabilities.
default_user = {
subscribe = "PUBLIC.>"
}
# Service can listen on the request subject and respond to any
# received reply subject.
my_service = {
subscribe = "my.service.req"
publish_allow_responses: true
}
# Can support a map with max messages and expiration of the permission.
my_stream_service = {
subscribe = "my.service.req"
allow_responses: {max: 10, expires: "1m"}
}
# Default permissions if none presented. e.g. susan below.
default_permissions: $default_user
# Users listed with persmissions.
users = [
{user: alice, password: foo, permissions: $super_user}
{user: bob, password: bar, permissions: $req_pub_user}
{user: susan, password: baz}
{user: svca, password: pc, permissions: $my_service}
{user: svcb, password: sam, permissions: $my_stream_service}
]
}
Reference in New Issue View Git Blame Copy Permalink