From 95635e9490ace380a82d9f473ba498769140f2db Mon Sep 17 00:00:00 2001 From: Sylvain Marty <10723351+SylvainMarty@users.noreply.github.com> Date: Tue, 28 May 2024 15:30:53 +0200 Subject: [PATCH] DBZ-7876 Update NATS Jetstream doc with JWT auth properties --- COPYRIGHT.txt | 3 ++- .../pages/operations/debezium-server.adoc | 25 +++++++++++++++++++ jenkins-jobs/scripts/config/Aliases.txt | 3 ++- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/COPYRIGHT.txt b/COPYRIGHT.txt index 1ff811da0..300803ce1 100644 --- a/COPYRIGHT.txt +++ b/COPYRIGHT.txt @@ -447,6 +447,7 @@ Rotem Adhoh Sagar Rao Sahan Dilshan Sahap Asci +Sylvain Marty René Kerner Ricardo Rosales Rich O'Connell @@ -632,4 +633,4 @@ Pradeep Nain Gaurav Miglani 张展业 Ashish Binu -Mohamed El Shaer \ No newline at end of file +Mohamed El Shaer diff --git a/documentation/modules/ROOT/pages/operations/debezium-server.adoc b/documentation/modules/ROOT/pages/operations/debezium-server.adoc index e0f837837..0918c4097 100644 --- a/documentation/modules/ROOT/pages/operations/debezium-server.adoc +++ b/documentation/modules/ROOT/pages/operations/debezium-server.adoc @@ -1201,6 +1201,31 @@ NATS has a built-in distributed persistence system called https://docs.nats.io/n | memory | Controls how the messages are saved in the stream. Can be memory or file. +|[[nats-jetstream-auth-jwt]]<> +|No default value +|Specifies the identity of the NATS server client. +Add this property to the configuration to enable JSON Web Token (JWT) authentication with NATS. +To use JWT authentication with NATS, you must specify the xref:nats-jetstream-auth-seed[NKey seed]. +Do not enable JWT authentication, if xref:nats-jetstream-auth-user[password authentication] is enabled. + +|[[nats-jetstream-auth-seed]]<> +|No default value +|When xref:nats-jetstream-auth-jwt[JWT authentication] is enabled for NATS, use this property so specify the NKey seed that represents the {prodname} user. +{prodname} uses the specified NKey seed to derive a private key. +It then uses the private key to cryptographically sign the nonce challenge that the NATS server issues during the authentication process. +{prodname} returns the signed nonce to the server, along with the public key for the specified xref:nats-jetstream-auth-jwt[`debezium.sink.nats-jetstream.auth.jwt`] client. + +|[[nats-jetstream-auth-user]]<> +|No default value +|Specifies the username of the authorized NAT user. + +When this property is present in the configuration, password authentication with NATS is enabled. + +To use password authentication with NATS, specify a xref:nats-jetstream-auth-password[`debezium.sink.nats-jetstream.auth.password`]. +Do not enable password authentication if xref:nats-jetstream-auth-jwt[JWT authentication] is enabled. + +|[[nats-jetstream-auth-password]]<> +|No default value +|Specifies the password to use when xref:nats-jetstream-auth-user[password authentication] is enabled. + |=== If you need a more configurable stream, it can be created with nats cli. More about streams at: https://docs.nats.io/nats-concepts/jetstream/streams diff --git a/jenkins-jobs/scripts/config/Aliases.txt b/jenkins-jobs/scripts/config/Aliases.txt index 71af1c440..418278dba 100644 --- a/jenkins-jobs/scripts/config/Aliases.txt +++ b/jenkins-jobs/scripts/config/Aliases.txt @@ -279,4 +279,5 @@ TimoWilhelm,Timo Wilhelm ashishbinu,Ashish Binu wltmlx,Lukas Langegger GitHubSergei,Sergey Kazakov -shaer,Mohamed El Shaer \ No newline at end of file +shaer,Mohamed El Shaer +SylvainMarty,Sylvain Marty