diff --git a/AUTH.md b/AUTH.md
index 78d03c37..b150dbfd 100644
--- a/AUTH.md
+++ b/AUTH.md
@@ -111,7 +111,7 @@ Permissions:
 ## Configuring NATS Server
-TODO: Full resolver generate
+Using `nats server generate` create a configuration file which will pre-load the important JWTs.
 ```
 $ nats-server --config nats-server.conf
diff --git a/cli/auth_operator_command.go b/cli/auth_operator_command.go
index 99e80453..03a51dd2 100644
--- a/cli/auth_operator_command.go
+++ b/cli/auth_operator_command.go
@@ -14,7 +14,6 @@ package cli
 import (
- "bytes"
 "encoding/base64"
 "encoding/json"
 "errors"
@@ -23,10 +22,7 @@ import (
 "net/url"
 "os"
 "sort"
- "text/template"
- "github.com/choria-io/scaffold/forms"
- "github.com/ghodss/yaml"
 au "github.com/nats-io/natscli/internal/auth"
 iu "github.com/nats-io/natscli/internal/util"
@@ -51,7 +47,6 @@ type authOperatorCommand struct {
 pubKey string
 outputFile string
 encKey string
- jetstream bool
 tags []string
 rmTags []string
 }
@@ -88,11 +83,6 @@ func configureAuthOperatorCommand(auth commandHost) {
 sel := op.Command("select", "Selects the default operator").Action(c.selectAction)
 sel.Arg("name", "Operator to select").StringVar(&c.operatorName)
- scaffold := op.Command("generate", "Guided creation of a Operator managed NATS Server").Alias("scaffold").Alias("gen").Action(c.generateAction)
- scaffold.Arg("name", "Operator to act on").StringVar(&c.operatorName)
- scaffold.Flag("output", "Location to store the configuration").Short('O').StringVar(&c.outputFile)
- scaffold.Flag("jetstream", "Enables JetStream").BoolVar(&c.jetstream)
-
 backup := op.Command("backup", "Creates a backup of an operator").Action(c.backupAction)
 backup.Arg("name", "Operator to act on").Required().StringVar(&c.operatorName)
 backup.Arg("output", "File to write backup to").Required().StringVar(&c.outputFile)
@@ -117,58 +107,6 @@ func configureAuthOperatorCommand(auth commandHost) {
 skrm.Flag("force", "Remove without prompting").Short('f').UnNegatableBoolVar(&c.force)
 }
-func (c *authOperatorCommand) generateAction(_ *fisk.ParseContext) error {
- _, oper, err := au.SelectOperator(c.operatorName, true, false)
- if err != nil {
- return err
- }
-
- var f forms.Form
- err = yaml.Unmarshal(au.ResolverForm, &f)
- if err != nil {
- return err
- }
-
- res, err := forms.ProcessForm(f, map[string]any{
- "jetstream": c.jetstream,
- "operator": oper,
- })
- if err != nil {
- return err
- }
-
- t, err := template.New("nats-server.conf").Parse(au.ResolverTemplate)
- if err != nil {
- return err
- }
-
- res["operator"] = oper
- res["system"], _ = oper.Accounts().Get("SYSTEM")
-
- buff := bytes.NewBuffer([]byte{})
- err = t.Execute(buff, res)
- if err != nil {
- return err
- }
-
- fmt.Println()
-
- if c.outputFile == "" {
- fmt.Println("Generated Server Config")
- fmt.Println()
- fmt.Println(buff.String())
- return nil
- }
-
- err = os.WriteFile(c.outputFile, buff.Bytes(), 0600)
- if err != nil {
- return err
- }
- fmt.Printf("Generated server configuration written to %s\n", c.outputFile)
-
- return nil
-}
-
 func (c *authOperatorCommand) selectAction(_ *fisk.ParseContext) error {
 _, oper, err := au.SelectOperator(c.operatorName, true, false)
 if err != nil {
diff --git a/cli/server_generate.go b/cli/server_generate.go
index 30aaf039..9b576d08 100644
--- a/cli/server_generate.go
+++ b/cli/server_generate.go
@@ -34,7 +34,7 @@ type serverGenerateCmd struct {
 func configureServerGenerateCommand(srv *fisk.CmdClause) {
 c := &serverGenerateCmd{}
- gen := srv.Command("generate", `Generate server configurations`).Hidden().Alias("gen").Action(c.generateAction)
+ gen := srv.Command("generate", `Generate server configurations`).Alias("gen").Action(c.generateAction)
 gen.Arg("target", "Write the output to a specific location").Required().StringVar(&c.target)
 gen.Flag("source", "Fetch the configuration bundle from a file or URL").StringVar(&c.source)
 }
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index e1e05436..1522dea0 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -30,12 +30,6 @@ import (
 "github.com/synadia-io/jwt-auth-builder.go/providers/nsc"
 )
-//go:embed resolver_form.yaml
-var ResolverForm []byte
-
-//go:embed resolver_template.txt
-var ResolverTemplate string
-
 type listWithNames interface {
 Name() string
 }
diff --git a/internal/auth/resolver_form.yaml b/internal/auth/resolver_form.yaml
deleted file mode 100644
index d8922cef..00000000
--- a/internal/auth/resolver_form.yaml
+++ /dev/null
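Review bot: Dropping `.Hidden()` turns the `--source` flag on the following line into a supported, user-facing way to pull a configuration bundle from a URL, and nothing in this hunk shows how that fetch is validated; `serverGenerateCmd.generateAction` lies outside the hunk, so I cannot tell whether non-https sources are refused or the bundle is integrity-checked before it is rendered into a server config. The `nats auth operator generate` command this replaces wrote its output with `os.WriteFile(c.outputFile, buff.Bytes(), 0600)` (removed in cli/auth_operator_command.go), and AUTH.md now sends users here for a config that pre-loads JWTs, so it is worth confirming that `generateAction` writes `target` with the same restrictive mode. At minimum the flag help should state what sources are accepted, e.g. `gen.Flag("source", "Fetch the configuration bundle from a local file or an https URL").StringVar(&c.source)`, adjusted if plain http is deliberately allowed. A doc comment on `configureServerGenerateCommand` saying it supersedes the removed operator-level scaffold would also help anyone searching for the old `auth operator generate` command.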
@@ -1,74 +0,0 @@ -name: nats-server.conf -description: | - Operator Managed NATS Server - - This wizard will guide you through a series of question to create a - NATS Server configuration managed by the "{{ .operator.Name }}" operator - {{ if not .jetstream }} - The configuration can include JetStream configuration by passing - the --jetstream flag on the command line. - {{- end -}} -properties: - - name: server_name - description: Unique name for this server - help: Each server needs a Unique name, by default this uses the FQDN but in JetStream scenarios it is worth setting stable names and adjusting DNS pointing at the right node. - default: nats.example.net - required: true - - name: address - description: Address to listen on - default: "0.0.0.0" - validation: isIP(value) - - name: port - description: The port to listen on for client connections - default: "4222" - type: integer - - name: monitor_port - description: Port to listen on for monitoring requests - default: "8222" - type: integer - - - name: jetstream - description: | - JetStream configuration - - We will now configure the NATS JetStream persistence layer. Setting the limits - to -1 means a dynamic value will be chosen by the server at start. We strongly - suggest setting specific limits. 
- - See https://docs.nats.io/nats-concepts/jetstream for more information - conditional: "jetstream == true" - properties: - - name: store_dir - description: Directory to store JetStream data - default: "/var/lib/nats/jetstream" - required: true - - name: max_mem - description: Maximum amount of RAM that can be used by JetStream - help: Valid values are -1 for unlimited or strings like 1GB - default: "-1" - - name: max_file - description: Maximum amount of disk storage that can be used by JetStream - help: Valid values are -1 for unlimited or strings like 1GB - default: "-1" - - - name: resolver - description: | - NATS Resolver Configuration - - We will now configure where the NATS Server will store account JWT files. - JWT files are pushed to the server using 'nats auth account push' and - describe the full configuration for each account. - - Every server in a cluster needs a resolver configuration. - properties: - - name: dir - description: The directory to store JWTs in - default: "/var/lib/nats/resolver" - - name: allow_delete - description: Should the server allow accounts to be deleted - default: "true" - type: bool - - name: limit - description: The maximum amount of accounts to allow - default: "1000" - type: integer diff --git a/internal/auth/resolver_template.txt b/internal/auth/resolver_template.txt deleted file mode 100644 index 79cc6622..00000000 --- a/internal/auth/resolver_template.txt +++ /dev/null 
@@ -1,39 +0,0 @@
-# Generated NATS Server configuration operated by operator {{ .operator.Name }}
-
-# Unique name for the server
-server_name: {{ .server_name }}
-
-# The address and port clients must connect to
-listen: {{ .address}}:{{ .port }}
-
-# HTTP requests can be made to this port for monitoring purpose
-monitor_port: {{ .monitor_port }}
-
-# The JWT token of the operator running the server ({{ .operator.Name }})
-operator: {{ .operator.JWT }}
-
-# The JWT token of the system account managing the server ({{ .system.Name }})
-system_account: {{ .system.Subject }}
-
-resolver_preload {
- // Account: {{ .system.Name }}
- {{ .system.Subject }}: {{ .system.JWT }}
-}
-
-{{ if .jetstream }}
-jetstream {
- store_dir: {{ .jetstream.store_dir }}
- max_mem: {{ .jetstream.max_mem }}
- max_file: {{ .jetstream.max_file }}
-}
-{{ end }}
-
-# Configures the Full NATS Resolver
-resolver {
- type: full
- dir: {{ .resolver.dir }}
- allow_delete: {{ .resolver.allow_delete }}
- interval: "2m"
- limit: {{ .resolver.limit }}
-}
-