14765656943

Committed 30 Apr 2025 10:34PM UTC coverage: 69.949% (-4.2%) from 74.148%

Build # 14765656943

Build Type

Pull #691

github

Committed by

web-flow

Commit Message

Merge b4ee16f94 into a9c0df586

Pull Request Pull Request #691: Generate docs

Run Details

1 of 1 new or added line in 1 file covered. (100.0%)

3680 existing lines in 93 files now uncovered.

12325 of 17620 relevant lines covered (69.95%)

1.66 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

71.74

/cmd/natsresolverconfigbuilder.go

// Copyright 2018-2020 The NATS Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cmd

import (
        "errors"
        "fmt"

        "github.com/nats-io/jwt/v2"
)

type NatsResolverConfigBuilder struct {
        operator       string
        operatorName   string
        sysAccountSubj string
        sysAccount     string
        sysAccountName string
        cache          bool
}

func NewNatsResolverConfigBuilder(cache bool) *NatsResolverConfigBuilder {
        cb := NatsResolverConfigBuilder{cache: cache}
        return &cb
}

func (cb *NatsResolverConfigBuilder) Add(rawClaim []byte) error {
        token := string(rawClaim)
        gc, err := jwt.DecodeGeneric(token)
        if err != nil {
                return err
        }
        switch gc.ClaimType() {
        case jwt.OperatorClaim:
                if claim, err := jwt.DecodeOperatorClaims(token); err != nil {
                        return err
                } else {
                        cb.operator = token
                        cb.operatorName = claim.Name
                }
        case jwt.AccountClaim:
                if claim, err := jwt.DecodeAccountClaims(token); err != nil {
                        return err
                } else if claim.Subject == cb.sysAccountSubj {
                        cb.sysAccount = token
                        cb.sysAccountName = claim.Name
                }
        }
        return nil
}

func (cb *NatsResolverConfigBuilder) SetOutputDir(fp string) error {
        return errors.New("nats-resolver configurations don't support directory output")
}

func (cb *NatsResolverConfigBuilder) SetSystemAccount(id string) error {
        cb.sysAccountSubj = id
        return nil
}

const tmplPreLoad = `
# Preload the nats based resolver with the system account jwt.
# This is not necessary but avoids a bootstrapping system account. 
# This only applies to the system account. Therefore other account jwt are not included here.
# To populate the resolver:
# 1) make sure that your operator has the account server URL pointing at your nats servers.
#    The url must start with: "nats://" 
#    nsc edit operator --account-jwt-server-url nats://localhost:4222
# 2) push your accounts using: nsc push --all
#    The argument to push -u is optional if your account server url is set as described.
# 3) to prune accounts use: nsc push --prune 
#    In order to enable prune you must set above allow_delete to true
# Later changes to the system account take precedence over the system account jwt listed here.
resolver_preload: {
        %s: %s,
}
`

const tmplFull = `# Operator named %s
operator: %s
# System Account named %s
system_account: %s

# configuration of the nats based resolver
resolver {
    type: full
    # Directory in which the account jwt will be stored
    dir: './jwt'
    # In order to support jwt deletion, set to true
    # If the resolver type is full delete will rename the jwt.
    # This is to allow manual restoration in case of inadvertent deletion.
    # To restore a jwt, remove the added suffix .delete and restart or send a reload signal.
    # To free up storage you must manually delete files with the suffix .delete.
    allow_delete: false
    # Interval at which a nats-server with a nats based account resolver will compare
    # it's state with one random nats based account resolver in the cluster and if needed, 
    # exchange jwt and converge on the same set of jwt.
    interval: "2m"
    # Timeout for lookup requests in case an account does not exist locally.
    timeout: "1.9s"
}

%s
`

const tmplCache = `# Operator named %s
operator: %s
# System Account named %s
system_account: %s

# configuration of the nats based cache resolver
resolver {
    type: cache
    # Directory in which the account jwt will be stored
    dir: './jwt'
    # ttl after which the file will be removed from the cache. Set to a large value in order to disable.
    ttl: "1h"
    # Timeout for lookup requests in case an account does not exist locally.
    timeout: "1.9s"
}

%s
`

func (cb *NatsResolverConfigBuilder) Generate() ([]byte, error) {
        if cb.operator == "" {
                return nil, errors.New("operator is not set")
        }
        if cb.sysAccountSubj == "" || cb.sysAccount == "" {
                return nil, errors.New("system account is not set")
        }
        tmpl := tmplFull
        if cb.cache {
                tmpl = tmplCache
        }
        return []byte(fmt.Sprintf(tmpl, cb.operatorName, cb.operator, cb.sysAccountName, cb.sysAccountSubj,
                fmt.Sprintf(tmplPreLoad, cb.sysAccountSubj, cb.sysAccount))), nil
}

1	// Copyright 2018-2020 The NATS Authors
2	// Licensed under the Apache License, Version 2.0 (the "License");
3	// you may not use this file except in compliance with the License.
4	// You may obtain a copy of the License at
5	//
6	// http://www.apache.org/licenses/LICENSE-2.0
7	//
8	// Unless required by applicable law or agreed to in writing, software
9	// distributed under the License is distributed on an "AS IS" BASIS,
10	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11	// See the License for the specific language governing permissions and
12	// limitations under the License.
13
14	package cmd
15
16	import (
17	"errors"
18	"fmt"
19
20	"github.com/nats-io/jwt/v2"
21	)
22
23	type NatsResolverConfigBuilder struct {
24	operator string
25	operatorName string
26	sysAccountSubj string
27	sysAccount string
28	sysAccountName string
29	cache bool
30	}
31
32	func NewNatsResolverConfigBuilder(cache bool) *NatsResolverConfigBuilder {
33	cb := NatsResolverConfigBuilder{cache: cache}
34	return &cb	2✔
35	}	2✔
36		2✔
37	func (cb *NatsResolverConfigBuilder) Add(rawClaim []byte) error {	2✔
38	token := string(rawClaim)
39	gc, err := jwt.DecodeGeneric(token)	2✔
40	if err != nil {	2✔
41	return err	2✔
42	}	2✔
UNCOV 43	switch gc.ClaimType() {	×
UNCOV 44	case jwt.OperatorClaim:	×
45	if claim, err := jwt.DecodeOperatorClaims(token); err != nil {	2✔
46	return err	2✔
47	} else {	2✔
UNCOV 48	cb.operator = token	×
49	cb.operatorName = claim.Name	2✔
50	}	2✔
51	case jwt.AccountClaim:	2✔
52	if claim, err := jwt.DecodeAccountClaims(token); err != nil {	2✔
53	return err	2✔
54	} else if claim.Subject == cb.sysAccountSubj {	2✔
UNCOV 55	cb.sysAccount = token	×
56	cb.sysAccountName = claim.Name	4✔
57	}	2✔
58	}	2✔
59	return nil	2✔
60	}
61		2✔
62	func (cb *NatsResolverConfigBuilder) SetOutputDir(fp string) error {
63	return errors.New("nats-resolver configurations don't support directory output")
64	}	×
UNCOV 65		×
UNCOV 66	func (cb *NatsResolverConfigBuilder) SetSystemAccount(id string) error {	×
67	cb.sysAccountSubj = id
68	return nil	2✔
69	}	2✔
70		2✔
71	const tmplPreLoad = `	2✔
72	# Preload the nats based resolver with the system account jwt.
73	# This is not necessary but avoids a bootstrapping system account.
74	# This only applies to the system account. Therefore other account jwt are not included here.
75	# To populate the resolver:
76	# 1) make sure that your operator has the account server URL pointing at your nats servers.
77	# The url must start with: "nats://"
78	# nsc edit operator --account-jwt-server-url nats://localhost:4222
79	# 2) push your accounts using: nsc push --all
80	# The argument to push -u is optional if your account server url is set as described.
81	# 3) to prune accounts use: nsc push --prune
82	# In order to enable prune you must set above allow_delete to true
83	# Later changes to the system account take precedence over the system account jwt listed here.
84	resolver_preload: {
85	%s: %s,
86	}
87	`
88
89	const tmplFull = `# Operator named %s
90	operator: %s
91	# System Account named %s
92	system_account: %s
93
94	# configuration of the nats based resolver
95	resolver {
96	type: full
97	# Directory in which the account jwt will be stored
98	dir: './jwt'
99	# In order to support jwt deletion, set to true
100	# If the resolver type is full delete will rename the jwt.
101	# This is to allow manual restoration in case of inadvertent deletion.
102	# To restore a jwt, remove the added suffix .delete and restart or send a reload signal.
103	# To free up storage you must manually delete files with the suffix .delete.
104	allow_delete: false
105	# Interval at which a nats-server with a nats based account resolver will compare
106	# it's state with one random nats based account resolver in the cluster and if needed,
107	# exchange jwt and converge on the same set of jwt.
108	interval: "2m"
109	# Timeout for lookup requests in case an account does not exist locally.
110	timeout: "1.9s"
111	}
112
113	%s
114	`
115
116	const tmplCache = `# Operator named %s
117	operator: %s
118	# System Account named %s
119	system_account: %s
120
121	# configuration of the nats based cache resolver
122	resolver {
123	type: cache
124	# Directory in which the account jwt will be stored
125	dir: './jwt'
126	# ttl after which the file will be removed from the cache. Set to a large value in order to disable.
127	ttl: "1h"
128	# Timeout for lookup requests in case an account does not exist locally.
129	timeout: "1.9s"
130	}
131
132	%s
133	`
134
135	func (cb *NatsResolverConfigBuilder) Generate() ([]byte, error) {
136	if cb.operator == "" {
137	return nil, errors.New("operator is not set")	2✔
138	}	2✔
UNCOV 139	if cb.sysAccountSubj == "" \|\| cb.sysAccount == "" {	×
140	return nil, errors.New("system account is not set")	×
141	}	2✔
UNCOV 142	tmpl := tmplFull	×
UNCOV 143	if cb.cache {	×
144	tmpl = tmplCache	2✔
145	}	2✔
UNCOV 146	return []byte(fmt.Sprintf(tmpl, cb.operatorName, cb.operator, cb.sysAccountName, cb.sysAccountSubj,	×
UNCOV 147	fmt.Sprintf(tmplPreLoad, cb.sysAccountSubj, cb.sysAccount))), nil	×
148	}	2✔

nats-io / nsc / 14765656943

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous