Connection Pool + Improve JetStream Advisories (#134)

* connection pool Signed-off-by: Caleb Lloyd <caleb@synadia.com> * reverse nil check Signed-off-by: Caleb Lloyd <caleb@synadia.com> * fix linting Signed-off-by: Caleb Lloyd <caleb@synadia.com> * pr comments Signed-off-by: Caleb Lloyd <caleb@synadia.com> * fix spelling --------- Signed-off-by: Caleb Lloyd <caleb@synadia.com>
nats-io · Mar 15, 2023 · 6f0fa99 · 6f0fa99
1 parent da2b2f6
commit 6f0fa99
Show file tree

Hide file tree

Showing 18 changed files with 2,063 additions and 864 deletions.
diff --git a/README.md b/README.md
@@ -367,71 +367,55 @@ More information can be found [here](https://github.com/prometheus/prometheus/is
 ## Service Observations
 
 Services can be observed by creating JSON files in the `observations` directory.
-Both jwt credential files and nkey seed files are supported. The name of the observation has to unique. A second observation with a duplicate name will be ignored.
+The file extension must be `.json`. 
+Only one authentication method needs to be provided.
+Example file format:
 
-Here's an example using a jwt credential file:
-
-```json
-{
-  "name": "email.subscribe",
-  "topic": "monitor.email.subscribe",
-  "credential": "/observations/email.subscribe.cred"
-}
-```
-Example with nkey seed file:
 ```json
 {
-  "name": "email.subscribe",
-  "topic": "monitor.email.subscribe",
-  "nkey": "/observations/email.subscribe.nkey"
+  "name":       "my service",
+  "topic":      "email.subscribe.>",
+  "jwt":        "jwt portion of creds, must include seed also",
+  "seed":       "seed portion of creds, must include jwt also",
+  "credential": "/path/to/file.creds",
+  "nkey":       "nkey seed",
+  "token":      "token",
+  "username":   "username, must include password also",
+  "password":   "password, must include user also",
+  "tls_ca":     "/path/to/ca.pem, defaults to surveyor's ca if one exists",
+  "tls_cert":   "/path/to/cert.pem, defaults to surveyor's cert if one exists",
+  "tls_key":    "/path/to/key.pem, defaults to surveyor's key if one exists"
 }
 ```
 
-Place this in `observations/email.surbscribe.json` and create a credential giving access to this topic in `observations/email.subscribe.cred`, when you restart the service any observations published by the NATS system will be tracked and graphed.
+Files are watched and updated using [fsnotify](https://github.com/fsnotify/fsnotify) 
 
 ## JetStream
 
 JetStream can be monitored on a per-account basis by creating JSON files in the `jetstream` directory.
-Place those files in `jetstream/youraccount.json`. Be sure that you give access to the `$JS.EVENT.>` subject to your user.
-
-When you add/modify account files, you'll need restart the NATS Surveyor service in order for the JetStream in this account to be monitored.
-
-There are some ways to establish authentication, here are some examples:
+The file extension must be `.json`.
+Only one authentication method needs to be provided.
+e sure that you give access to the `$JS.EVENT.>` subject to your user.
+Example file format:
 
 ### Credentials
 ```json
 {
-  "name": "Your Account",
-  "credential": "/jetstream/youraccount.cred"
+  "name":       "my account",
+  "jwt":        "jwt portion of creds, must include seed also",
+  "seed":       "seed portion of creds, must include jwt also",
+  "credential": "/path/to/file.creds",
+  "nkey":       "nkey seed",
+  "token":      "token",
+  "username":   "username, must include password also",
+  "password":   "password, must include user also",
+  "tls_ca":     "/path/to/ca.pem, defaults to surveyor's ca if one exists",
+  "tls_cert":   "/path/to/cert.pem, defaults to surveyor's cert if one exists",
+  "tls_key":    "/path/to/key.pem, defaults to surveyor's key if one exists"
 }
 ```
 
-### User/Password
-```json
-{
-  "name": "Your Account",
-  "username": "accounta",
-  "password": "changeit"
-}
-```
-
-### NKeys
-```json
-{
-  "name": "Your Account",
-  "nkey": "UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4"
-}
-```
-### mTLS
-
-```json
-{
-  "name": "Your Account",
-  "tls_ca": "/etc/nats-certs/your-account/ca.crt",
-  "tls_cert": "/etc/nats-certs/your-account/tls.crt",
-  "tls_key": "/etc/nats-certs/your-account/tls.key"
-}
-```
+Files are watched and updated using [fsnotify](https://github.com/fsnotify/fsnotify)
 
 ## TODO
 

diff --git a/go.mod b/go.mod
@@ -14,7 +14,9 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/viper v1.12.0
+	github.com/stretchr/testify v1.7.1
 	golang.org/x/crypto v0.5.0
+	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
 )
 
 require (
@@ -34,6 +36,7 @@ require (
 	github.com/nats-io/nkeys v0.3.1-0.20221215194120-47c7408e7546 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/spf13/afero v1.8.2 // indirect

diff --git a/go.sum b/go.sum
@@ -380,6 +380,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
+golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

diff --git a/surveyor/collector_statz.go b/surveyor/collector_statz.go
@@ -191,8 +191,10 @@ func jsDomainLabelValue(sm *server.ServerStatsMsg) string {
 
 func jetstreamInfoLabelValues(sm *server.ServerStatsMsg) []string {
 	// Maybe also "meta_leader", "store_dir"?
-	return []string{sm.Server.Name, sm.Server.Host, sm.Server.ID, sm.Server.Cluster, jsDomainLabelValue(sm), sm.Server.Version,
-		strconv.FormatBool(sm.Server.JetStream)}
+	return []string{
+		sm.Server.Name, sm.Server.Host, sm.Server.ID, sm.Server.Cluster, jsDomainLabelValue(sm), sm.Server.Version,
+		strconv.FormatBool(sm.Server.JetStream),
+	}
 }
 
 func (sc *StatzCollector) serverLabelValues(sm *server.ServerStatsMsg) []string {