-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[FIXED] LeafNode: queue interest on leaf not propagated with permissi…
…ons on hub (#6291) If the hub has a user with subscribe permissions on a literal subject that the leaf is trying to create a queue subscription on, the interest may not be propagated. The issue was caused by the fact that we were checking the permissions on the key (that includes subject and queue name) instead of the subject itself. Resolves #6281 Signed-off-by: Ivan Kozlovic <[email protected]>
- Loading branch information
Showing
2 changed files
with
76 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9077,7 +9077,7 @@ func TestLeafNodeBannerNoClusterNameIfNoCluster(t *testing.T) { | |
l.Unlock() | ||
} | ||
|
||
func TestLeafCredFormatting(t *testing.T) { | ||
func TestLeafNodeCredFormatting(t *testing.T) { | ||
//create the operator/sys/account tree | ||
oKP, err := nkeys.CreateOperator() | ||
require_NoError(t, err) | ||
|
@@ -9151,14 +9151,15 @@ func TestLeafCredFormatting(t *testing.T) { | |
require_NoError(t, file.Close()) | ||
|
||
template := fmt.Sprintf(` | ||
listen: 127.0.0.1:-1 | ||
leaf { remotes: [ | ||
{ | ||
urls: [ nats-leaf://127.0.0.1:%d ] | ||
credentials: "%s" | ||
} | ||
] }`, o.LeafNode.Port, file.Name()) | ||
|
||
listen: 127.0.0.1:-1 | ||
leafnodes { | ||
remotes: [ | ||
{ | ||
urls: [ nats-leaf://127.0.0.1:%d ] | ||
credentials: "%s" | ||
} | ||
] | ||
}`, o.LeafNode.Port, file.Name()) | ||
conf := createConfFile(t, []byte(template)) | ||
leaf, _ := RunServerWithConfig(conf) | ||
defer leaf.Shutdown() | ||
|
@@ -9172,3 +9173,59 @@ func TestLeafCredFormatting(t *testing.T) { | |
runLeaf(t, creds) | ||
runLeaf(t, bytes.ReplaceAll(creds, []byte{'\n'}, []byte{'\r', '\n'})) | ||
} | ||
|
||
func TestLeafNodePermissionWithLiteralSubjectAndQueueInterest(t *testing.T) { | ||
hconf := createConfFile(t, []byte(` | ||
server_name: "HUB" | ||
listen: "127.0.0.1:-1" | ||
leafnodes { | ||
listen: "127.0.0.1:-1" | ||
} | ||
accounts { | ||
A { | ||
users: [ | ||
{ user: "user", password: "pwd", | ||
permissions: { | ||
subscribe: { allow: ["_INBOX.>", "my.subject"] } | ||
publish: {allow: [">"]} | ||
} | ||
} | ||
] | ||
} | ||
} | ||
`)) | ||
hub, ohub := RunServerWithConfig(hconf) | ||
defer hub.Shutdown() | ||
|
||
lconf := createConfFile(t, []byte(fmt.Sprintf(` | ||
server_name: "LEAF" | ||
listen: "127.0.0.1:-1" | ||
leafnodes { | ||
remotes: [ | ||
{url: "nats://user:[email protected]:%d", account: A} | ||
] | ||
} | ||
accounts { | ||
A { users: [{user: user, password: pwd}] } | ||
} | ||
`, ohub.LeafNode.Port))) | ||
leaf, _ := RunServerWithConfig(lconf) | ||
defer leaf.Shutdown() | ||
|
||
checkLeafNodeConnected(t, hub) | ||
checkLeafNodeConnected(t, leaf) | ||
|
||
ncLeaf := natsConnect(t, leaf.ClientURL(), nats.UserInfo("user", "pwd")) | ||
defer ncLeaf.Close() | ||
natsQueueSub(t, ncLeaf, "my.subject", "queue", func(m *nats.Msg) { | ||
m.Respond([]byte("OK")) | ||
}) | ||
natsFlush(t, ncLeaf) | ||
|
||
ncHub := natsConnect(t, hub.ClientURL(), nats.UserInfo("user", "pwd")) | ||
defer ncHub.Close() | ||
|
||
resp, err := ncHub.Request("my.subject", []byte("hello"), time.Second) | ||
require_NoError(t, err) | ||
require_Equal(t, "OK", string(resp.Data)) | ||
} |