feat: add authentication to nats trigger

Signed-off-by: Tom Bojer <[email protected]>

api/jsonschema/schema.json

@@ -2785,6 +2785,10 @@
     "io.argoproj.events.v1alpha1.NATSTrigger": {
       "description": "NATSTrigger refers to the specification of the NATS trigger.",
       "properties": {
+        "auth": {
+          "$ref": "#/definitions/io.argoproj.events.v1alpha1.NATSAuth",
+          "description": "AuthInformation"
+        },
         "parameters": {
           "items": {
             "$ref": "#/definitions/io.argoproj.events.v1alpha1.TriggerParameter"

docs/APIs.md

@@ -12845,7 +12845,8 @@ NATSAuth
 <p>
 
 (<em>Appears on:</em>
-<a href="#argoproj.io/v1alpha1.NATSEventsSource">NATSEventsSource</a>)
+<a href="#argoproj.io/v1alpha1.NATSEventsSource">NATSEventsSource</a>,
+<a href="#argoproj.io/v1alpha1.NATSTrigger">NATSTrigger</a>)
 </p>
 
 <p>
@@ -13526,6 +13527,26 @@ TLS configuration for the NATS producer.
 
 </tr>
 
+<tr>
+
+<td>
+
+<code>auth</code></br> <em> <a href="#argoproj.io/v1alpha1.NATSAuth">
+NATSAuth </a> </em>
+</td>
+
+<td>
+
+<em>(Optional)</em>
+<p>
+
+AuthInformation
+</p>
+
+</td>
+
+</tr>
+
 </tbody>
 
 </table>

pkg/apis/events/v1alpha1/sensor_types.go

@@ -632,6 +632,9 @@ type NATSTrigger struct {
 	// TLS configuration for the NATS producer.
 	// +optional
 	TLS *TLSConfig `json:"tls,omitempty" protobuf:"bytes,5,opt,name=tls"`
+	// AuthInformation
+	// +optional
+	Auth *NATSAuth `json:"auth,omitempty" protobuf:"bytes,6,opt,name=auth"`
 }
 
 // CustomTrigger refers to the specification of the custom trigger.

pkg/sensors/triggers/nats/nats.go

@@ -48,20 +48,55 @@ func NewNATSTrigger(sensor *v1alpha1.Sensor, trigger *v1alpha1.Trigger, natsConn
 	conn, ok := natsConnections.Load(trigger.Template.Name)
 	if !ok {
 		var err error
-		opts := natslib.GetDefaultOptions()
-		opts.Url = natstrigger.URL
+
+		var opt []natslib.Option
 
 		if natstrigger.TLS != nil {
 			tlsConfig, err := sharedutil.GetTLSConfig(natstrigger.TLS)
 			if err != nil {
 				return nil, fmt.Errorf("failed to get the tls configuration, %w", err)
 			}
-			tlsConfig.InsecureSkipVerify = true
-			opts.Secure = true
-			opts.TLSConfig = tlsConfig
+			opt = append(opt, natslib.Secure(tlsConfig))
+		}
+
+		if natstrigger.Auth != nil {
+			switch {
+			case natstrigger.Auth.Basic != nil:
+				username, err := sharedutil.GetSecretFromVolume(natstrigger.Auth.Basic.Username)
+				if err != nil {
+					return nil, err
+				}
+				password, err := sharedutil.GetSecretFromVolume(natstrigger.Auth.Basic.Password)
+				if err != nil {
+					return nil, err
+				}
+				opt = append(opt, natslib.UserInfo(username, password))
+			case natstrigger.Auth.Token != nil:
+				token, err := sharedutil.GetSecretFromVolume(natstrigger.Auth.Token)
+				if err != nil {
+					return nil, err
+				}
+				opt = append(opt, natslib.Token(token))
+			case natstrigger.Auth.NKey != nil:
+				nkeyFile, err := sharedutil.GetSecretVolumePath(natstrigger.Auth.NKey)
+				if err != nil {
+					return nil, err
+				}
+				o, err := natslib.NkeyOptionFromSeed(nkeyFile)
+				if err != nil {
+					return nil, fmt.Errorf("failed to get NKey, %w", err)
+				}
+				opt = append(opt, o)
+			case natstrigger.Auth.Credential != nil:
+				cFile, err := sharedutil.GetSecretVolumePath(natstrigger.Auth.Credential)
+				if err != nil {
+					return nil, err
+				}
+				opt = append(opt, natslib.UserCredentials(cFile))
+			}
 		}
 
-		conn, err = opts.Connect()
+		conn, err = natslib.Connect(natstrigger.URL, opt...)
 		if err != nil {
 			return nil, err
 		}