Skip to content

feat: additional NATS auth options#1315

Open
mfreeman451 wants to merge 4 commits intofalcosecurity:masterfrom
mfreeman451:feature/nats-enhanced-auth
Open

feat: additional NATS auth options#1315
mfreeman451 wants to merge 4 commits intofalcosecurity:masterfrom
mfreeman451:feature/nats-enhanced-auth

Conversation

@mfreeman451
Copy link

@mfreeman451 mfreeman451 commented Mar 3, 2026
edited
Loading

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area config

/area outputs

/area tests

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #1316

Special notes for your reviewer:

@mfreeman451 mfreeman451 marked this pull request as draft March 3, 2026 05:20
@poiana
Copy link

poiana commented Mar 3, 2026

Welcome @mfreeman451! It looks like this is your first PR to falcosecurity/falcosidekick 🎉

@poiana poiana requested a review from fjogeleit March 3, 2026 05:20
@poiana
Copy link

poiana commented Mar 3, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mfreeman451
Once this PR has been reviewed and has the lgtm label, please assign issif for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana requested a review from leogr March 3, 2026 05:20
mfreeman451
mfreeman451 commented Mar 3, 2026
View reviewed changes
Copy link
Author

@mfreeman451 mfreeman451 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mfreeman451
feat: additional nats auth options
3a6af75 
Signed-off-by: Michael Freeman <mfreeman451@gmail.com>
@mfreeman451
chore: restoring TOC
b4d8a46 
Signed-off-by: Michael Freeman <mfreeman451@gmail.com>
@mfreeman451
fix: nats output
73cf16e 
Signed-off-by: Michael Freeman <mfreeman451@gmail.com>
@mfreeman451
chore: restore TOC
11e0dcb 
Signed-off-by: Michael Freeman <mfreeman451@gmail.com>
@mfreeman451 mfreeman451 force-pushed the feature/nats-enhanced-auth branch from 85c168f to 11e0dcb Compare March 3, 2026 06:04
@mfreeman451
Copy link
Author

mfreeman451 commented Mar 3, 2026

/kind feature

@poiana poiana added kind/feature New feature or request and removed needs-kind labels Mar 3, 2026
@mfreeman451
Copy link
Author

mfreeman451 commented Mar 3, 2026

/area outputs

@mfreeman451 mfreeman451 mentioned this pull request Mar 3, 2026
Open
3 tasks
@mfreeman451 mfreeman451 marked this pull request as ready for review March 3, 2026 06:08
@poiana poiana requested a review from cpanato March 3, 2026 06:08
leogr
leogr reviewed Mar 6, 2026
View reviewed changes
outputs/nats.go

hostPort := strings.TrimSpace(config.Nats.HostPort)
tlsRequested := cfg.MutualTLS || !cfg.CheckCert || config.TLSClient.CaCertFile != "" ||
strings.HasPrefix(hostPort, "natss://") || strings.HasPrefix(hostPort, "tls://")
Copy link
Member

@leogr leogr Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is natss:// a valid scheme? 🤔

Copy link
Author

@mfreeman451 mfreeman451 Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch, will cleanup

leogr
leogr reviewed Mar 6, 2026
View reviewed changes
outputs/nats.go

hostPort := strings.TrimSpace(config.Nats.HostPort)
tlsRequested := cfg.MutualTLS || !cfg.CheckCert || config.TLSClient.CaCertFile != "" ||
strings.HasPrefix(hostPort, "natss://") || strings.HasPrefix(hostPort, "tls://")
Copy link
Member

@leogr leogr Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
strings.HasPrefix(hostPort, "natss://") || strings.HasPrefix(hostPort, "tls://")
strings.HasPrefix(hostPort, "tls://")

natss:// is not a standard NATS URI scheme. The NATS Go client recognizes nats:// and tls://. While our NewClient regex happens to accept natss://, using it here as a TLS trigger could confuse users into thinking it's supported.

What was the intent behind natss://? If it's for symmetry with https://, could we just document tls:// as the way to enable TLS?

outputs/nats.go
}

func validateNatsAuthFile(path, configKey string) error {
_, err := os.ReadFile(path)
Copy link
Member

@leogr leogr Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
_, err := os.ReadFile(path)
_, err := os.Stat(path)

os.ReadFile loads the entire file into memory just to check if it's readable. os.Stat would be sufficient here and is the pattern used elsewhere in the codebase (e.g., outputs/logstash.go:45).

main.go
Comment on lines 331 to 333
}

}
Copy link
Member

@leogr leogr Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: extra blank line before the closing brace.

Suggested change
}
}
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leogr leogr leogr left review comments

@fjogeleit fjogeleit Awaiting requested review from fjogeleit

@cpanato cpanato Awaiting requested review from cpanato

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/outputs dco-signoff: yes kind/feature New feature or request size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing NATS authentication options

3 participants

@mfreeman451 @poiana @leogr