New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ADDED] User Information requests at $SYS.REQ.USER.INFO #3671
Conversation
Signed-off-by: Derek Collison <derek@nats.io>
…account and permissions. Signed-off-by: Derek Collison <derek@nats.io>
server/events.go
Outdated
type UserInfo struct { | ||
UserID string `json:"user"` | ||
Account string `json:"account"` | ||
Permissions *Permissions `json:"permissions,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also include Time of Day restrictions and CIDR block restrictions? Expiration might be useful here too. wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes we could add in limits and expiration. Will look into adding those.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me add expiration, I think we hold on the others since that could open up a bunch of options on what is reported that blurs between user and accounts.
Will add expiration, that is a good add for sure.
This is only added if set by a user or account expiration claim. It is represented as a duration til expiration vs absolute time which would involve time zone and clock sync issues. Signed-off-by: Derek Collison <derek@nats.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM will put into nats account info and see what else might be useful
Love this. No more peeking at connz to validate during testing! |
Allow connected users to query information about bound account name and user permissions. This even works for users in the system account itself.
We do not return detailed account information here to allow for separate security/subject permissions for that and jetstream account information.
This should be added to NATS cli as a parallel call to account info when merged.
Note many of the changes are fixes to low level historical tests. When you add a base level system subscription that is imported by other accounts lots of test updates need to happen.
Signed-off-by: Derek Collison derek@nats.io
/cc @nats-io/core