feat: wire remaining E2E gaps — account imports, subject transforms, JWT auth, service latency
Close all 5 server-side wiring gaps so E2E tests pass without skips: - System events: bridge user-defined system_account to internal $SYS - Account imports/exports: config parsing + reverse response import for cross-account request-reply - Subject transforms: parse mappings config block, apply in ProcessMessage - JWT auth: parse trusted_keys, resolver MEMORY, resolver_preload in config - Service latency: timestamp on request, publish ServiceLatencyMsg on response
This commit is contained in:
Joseph Doherty
@@ -307,7 +307,7 @@ public sealed class Account : IDisposable
|
||||
return new ServiceExportInfo(subject, se.ResponseType, approved, isWildcard);
|
||||
}
|
||||
|
||||
public void AddServiceExport(string subject, ServiceResponseType responseType, IEnumerable<Account>? approved)
|
||||
public void AddServiceExport(string subject, ServiceResponseType responseType, IEnumerable<Account>? approved, ServiceLatency? latency = null)
|
||||
{
|
||||
var auth = new ExportAuth
|
||||
{
|
||||
@@ -318,6 +318,7 @@ public sealed class Account : IDisposable
|
||||
Auth = auth,
|
||||
Account = this,
|
||||
ResponseType = responseType,
|
||||
Latency = latency,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -5,4 +5,40 @@ public sealed class AccountConfig
|
||||
public int MaxConnections { get; init; } // 0 = unlimited
|
||||
public int MaxSubscriptions { get; init; } // 0 = unlimited
|
||||
public Permissions? DefaultPermissions { get; init; }
|
||||
|
||||
/// <summary>Service and stream exports from this account.</summary>
|
||||
public List<ExportDefinition>? Exports { get; init; }
|
||||
|
||||
/// <summary>Service and stream imports into this account.</summary>
|
||||
public List<ImportDefinition>? Imports { get; init; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Represents an export declaration in config: exports = [{ service: "sub" }] or [{ stream: "sub" }].
|
||||
/// Go reference: server/opts.go — parseExportStreamMap / parseExportServiceMap.
|
||||
/// </summary>
|
||||
public sealed class ExportDefinition
|
||||
{
|
||||
public string? Service { get; init; }
|
||||
public string? Stream { get; init; }
|
||||
|
||||
/// <summary>Optional latency tracking subject (e.g. "latency.svc.echo").</summary>
|
||||
public string? LatencySubject { get; init; }
|
||||
|
||||
/// <summary>Latency sampling percentage (1–100, default 100).</summary>
|
||||
public int LatencySampling { get; init; } = 100;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Represents an import declaration in config:
|
||||
/// imports = [{ service: { account: X, subject: "sub" }, to: "local" }].
|
||||
/// Go reference: server/opts.go — parseImportStreamMap / parseImportServiceMap.
|
||||
/// </summary>
|
||||
public sealed class ImportDefinition
|
||||
{
|
||||
public string? ServiceAccount { get; init; }
|
||||
public string? ServiceSubject { get; init; }
|
||||
public string? StreamAccount { get; init; }
|
||||
public string? StreamSubject { get; init; }
|
||||
public string? To { get; init; }
|
||||
}
|
||||
|
||||
@@ -291,7 +291,55 @@ public static class ConfigProcessor
|
||||
ParseAccounts(accountsDict, opts, errors);
|
||||
break;
|
||||
|
||||
// Unknown keys silently ignored (resolver, operator, etc.)
|
||||
// Server-level subject mappings: mappings { src: dest }
|
||||
// Go reference: server/opts.go — "mappings" case
|
||||
case "mappings" or "maps":
|
||||
if (value is Dictionary<string, object?> mappingsDict)
|
||||
{
|
||||
opts.SubjectMappings ??= new Dictionary<string, string>();
|
||||
foreach (var (src, dest) in mappingsDict)
|
||||
{
|
||||
if (dest is string destStr)
|
||||
opts.SubjectMappings[src] = destStr;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
// JWT operator mode — trusted operator public NKeys
|
||||
// Go reference: server/opts.go — "trusted_keys" / "trusted" case
|
||||
case "trusted_keys" or "trusted":
|
||||
opts.TrustedKeys = ParseStringArray(value);
|
||||
break;
|
||||
|
||||
// JWT resolver type and preload
|
||||
// Go reference: server/opts.go — "resolver" case
|
||||
case "resolver" or "account_resolver" or "accounts_resolver":
|
||||
if (value is string resolverStr && resolverStr.Equals("MEMORY", StringComparison.OrdinalIgnoreCase))
|
||||
opts.AccountResolver = new Auth.Jwt.MemAccountResolver();
|
||||
break;
|
||||
|
||||
// Pre-load account JWTs into the resolver
|
||||
// Go reference: server/opts.go — "resolver_preload" case
|
||||
case "resolver_preload":
|
||||
if (value is Dictionary<string, object?> preloadDict && opts.AccountResolver != null)
|
||||
{
|
||||
foreach (var (accNkey, jwtObj) in preloadDict)
|
||||
{
|
||||
if (jwtObj is string jwt)
|
||||
opts.AccountResolver.StoreAsync(accNkey, jwt).GetAwaiter().GetResult();
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
// Operator key (can derive trusted_keys from operator JWT — for now just accept NKeys directly)
|
||||
case "operator" or "operators" or "root" or "roots" or "root_operators" or "root_operator":
|
||||
// For simple mode: treat as trusted_keys alias if string array
|
||||
opts.TrustedKeys ??= ParseStringArray(value);
|
||||
break;
|
||||
|
||||
// Unknown keys silently ignored
|
||||
default:
|
||||
warnings.Add(new UnknownConfigFieldWarning(key).Message);
|
||||
break;
|
||||
@@ -975,6 +1023,8 @@ public static class ConfigProcessor
|
||||
int maxConnections = 0;
|
||||
int maxSubscriptions = 0;
|
||||
List<object?>? userList = null;
|
||||
List<ExportDefinition>? exports = null;
|
||||
List<ImportDefinition>? imports = null;
|
||||
|
||||
foreach (var (key, value) in acctDict)
|
||||
{
|
||||
@@ -989,6 +1039,21 @@ public static class ConfigProcessor
|
||||
break;
|
||||
case "max_subscriptions" or "max_subs":
|
||||
maxSubscriptions = ToInt(value);
|
||||
break;
|
||||
case "exports":
|
||||
if (value is List<object?> exportList)
|
||||
exports = ParseExports(exportList);
|
||||
break;
|
||||
case "imports":
|
||||
if (value is List<object?> importList)
|
||||
imports = ParseImports(importList);
|
||||
break;
|
||||
case "mappings" or "maps":
|
||||
if (value is Dictionary<string, object?> mappingsDict)
|
||||
{
|
||||
// Account-level subject mappings not yet supported
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -997,6 +1062,8 @@ public static class ConfigProcessor
|
||||
{
|
||||
MaxConnections = maxConnections,
|
||||
MaxSubscriptions = maxSubscriptions,
|
||||
Exports = exports,
|
||||
Imports = imports,
|
||||
};
|
||||
|
||||
if (userList is not null)
|
||||
@@ -1020,6 +1087,140 @@ public static class ConfigProcessor
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Parses an exports array: [{ service: "sub" }, { stream: "sub" }].
|
||||
/// Go reference: server/opts.go — parseExportStreamMap / parseExportServiceMap.
|
||||
/// </summary>
|
||||
private static List<ExportDefinition> ParseExports(List<object?> exportList)
|
||||
{
|
||||
var result = new List<ExportDefinition>();
|
||||
foreach (var item in exportList)
|
||||
{
|
||||
if (item is not Dictionary<string, object?> dict)
|
||||
continue;
|
||||
|
||||
string? service = null, stream = null;
|
||||
string? latencySubject = null;
|
||||
int latencySampling = 100;
|
||||
|
||||
foreach (var (k, v) in dict)
|
||||
{
|
||||
switch (k.ToLowerInvariant())
|
||||
{
|
||||
case "service":
|
||||
service = ToString(v);
|
||||
break;
|
||||
case "stream":
|
||||
stream = ToString(v);
|
||||
break;
|
||||
case "latency":
|
||||
// latency can be a string (subject only) or a map { subject, sampling }
|
||||
// Go reference: server/opts.go — parseServiceLatency
|
||||
if (v is string latStr)
|
||||
{
|
||||
latencySubject = latStr;
|
||||
}
|
||||
else if (v is Dictionary<string, object?> latDict)
|
||||
{
|
||||
foreach (var (lk, lv) in latDict)
|
||||
{
|
||||
switch (lk.ToLowerInvariant())
|
||||
{
|
||||
case "subject":
|
||||
latencySubject = ToString(lv);
|
||||
break;
|
||||
case "sampling":
|
||||
latencySampling = ToInt(lv);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
result.Add(new ExportDefinition
|
||||
{
|
||||
Service = service,
|
||||
Stream = stream,
|
||||
LatencySubject = latencySubject,
|
||||
LatencySampling = latencySampling,
|
||||
});
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Parses an imports array: [{ service: { account: X, subject: "sub" }, to: "local" }].
|
||||
/// Go reference: server/opts.go — parseImportStreamMap / parseImportServiceMap.
|
||||
/// </summary>
|
||||
private static List<ImportDefinition> ParseImports(List<object?> importList)
|
||||
{
|
||||
var result = new List<ImportDefinition>();
|
||||
foreach (var item in importList)
|
||||
{
|
||||
if (item is not Dictionary<string, object?> dict)
|
||||
continue;
|
||||
|
||||
string? serviceAccount = null, serviceSubject = null;
|
||||
string? streamAccount = null, streamSubject = null;
|
||||
string? to = null;
|
||||
|
||||
foreach (var (k, v) in dict)
|
||||
{
|
||||
switch (k.ToLowerInvariant())
|
||||
{
|
||||
case "service" when v is Dictionary<string, object?> svcDict:
|
||||
foreach (var (sk, sv) in svcDict)
|
||||
{
|
||||
switch (sk.ToLowerInvariant())
|
||||
{
|
||||
case "account":
|
||||
serviceAccount = ToString(sv);
|
||||
break;
|
||||
case "subject":
|
||||
serviceSubject = ToString(sv);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
case "stream" when v is Dictionary<string, object?> strmDict:
|
||||
foreach (var (sk, sv) in strmDict)
|
||||
{
|
||||
switch (sk.ToLowerInvariant())
|
||||
{
|
||||
case "account":
|
||||
streamAccount = ToString(sv);
|
||||
break;
|
||||
case "subject":
|
||||
streamSubject = ToString(sv);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
case "to":
|
||||
to = ToString(v);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
result.Add(new ImportDefinition
|
||||
{
|
||||
ServiceAccount = serviceAccount,
|
||||
ServiceSubject = serviceSubject,
|
||||
StreamAccount = streamAccount,
|
||||
StreamSubject = streamSubject,
|
||||
To = to,
|
||||
});
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Splits a users array into plain users and NKey users.
|
||||
/// An entry with an "nkey" field is an NKey user; entries with "user" are plain users.
|
||||
@@ -1623,6 +1824,30 @@ public static class ConfigProcessor
|
||||
_ => throw new FormatException($"Cannot convert {value?.GetType().Name ?? "null"} to double"),
|
||||
};
|
||||
|
||||
/// <summary>
|
||||
/// Parses a config value that can be a single string or a list of strings into a string[].
|
||||
/// Go reference: server/opts.go — parseTrustedKeys accepts string, []string, []interface{}.
|
||||
/// </summary>
|
||||
private static string[]? ParseStringArray(object? value)
|
||||
{
|
||||
if (value is List<object?> list)
|
||||
{
|
||||
var result = new List<string>(list.Count);
|
||||
foreach (var item in list)
|
||||
{
|
||||
if (item is string s)
|
||||
result.Add(s);
|
||||
}
|
||||
|
||||
return result.Count > 0 ? result.ToArray() : null;
|
||||
}
|
||||
|
||||
if (value is string str)
|
||||
return [str];
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
private static IReadOnlyList<string> ToStringList(object? value)
|
||||
{
|
||||
if (value is List<object?> list)
|
||||
|
||||
@@ -529,6 +529,17 @@ public sealed class NatsServer : IMessageRouter, ISubListAccess, IDisposable
|
||||
_systemAccount = new Account(Account.SystemAccountName) { IsSystemAccount = true };
|
||||
_accounts[Account.SystemAccountName] = _systemAccount;
|
||||
|
||||
// If a user-defined system_account is configured, promote that account to be the
|
||||
// system account. Events published to $SYS.* will be delivered to subscribers on
|
||||
// this account. Go reference: server/server.go — configureAccounts / setSystemAccount.
|
||||
if (!string.IsNullOrEmpty(options.SystemAccount) &&
|
||||
!string.Equals(options.SystemAccount, Account.SystemAccountName, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
var userSysAccount = GetOrCreateAccount(options.SystemAccount);
|
||||
userSysAccount.IsSystemAccount = true;
|
||||
_systemAccount = userSysAccount;
|
||||
}
|
||||
|
||||
// Create system internal client and event system
|
||||
var sysClientId = Interlocked.Increment(ref _nextClientId);
|
||||
var sysClient = new InternalClient(sysClientId, ClientKind.System, _systemAccount);
|
||||
@@ -1312,7 +1323,7 @@ public sealed class NatsServer : IMessageRouter, ISubListAccess, IDisposable
|
||||
if (si.Invalid) continue;
|
||||
if (SubjectMatch.MatchLiteral(subject, si.From))
|
||||
{
|
||||
ProcessServiceImport(si, subject, replyTo, headers, payload);
|
||||
ProcessServiceImport(si, subject, replyTo, headers, payload, sender.Account);
|
||||
delivered = true;
|
||||
}
|
||||
}
|
||||
@@ -1453,7 +1464,7 @@ public sealed class NatsServer : IMessageRouter, ISubListAccess, IDisposable
|
||||
/// Reference: Go server/accounts.go addServiceImport / processServiceImport.
|
||||
/// </summary>
|
||||
public void ProcessServiceImport(ServiceImport si, string subject, string? replyTo,
|
||||
ReadOnlyMemory<byte> headers, ReadOnlyMemory<byte> payload)
|
||||
ReadOnlyMemory<byte> headers, ReadOnlyMemory<byte> payload, Account? sourceAccount = null)
|
||||
{
|
||||
if (si.Invalid) return;
|
||||
|
||||
@@ -1477,6 +1488,24 @@ public sealed class NatsServer : IMessageRouter, ISubListAccess, IDisposable
|
||||
targetSubject = MapImportSubject(subject, si.From, si.To);
|
||||
}
|
||||
|
||||
// Set up a temporary reverse service import so that responses from the
|
||||
// destination (exporter) account can route back to the source (importer)
|
||||
// account. This handles request-reply across account boundaries.
|
||||
// Go reference: client.go setupResponseServiceImport
|
||||
if (replyTo != null && sourceAccount != null && !si.IsResponse)
|
||||
{
|
||||
SetupResponseServiceImport(si.DestinationAccount, sourceAccount, replyTo, si.Export);
|
||||
}
|
||||
|
||||
// Service latency tracking: when the response arrives back, compute elapsed
|
||||
// time and publish a latency metric to the configured subject.
|
||||
// Go reference: client.go processServiceImport — latency tracking path.
|
||||
if (si.IsResponse && si.Tracking && si.TimestampTicks > 0)
|
||||
{
|
||||
var elapsed = TimeSpan.FromTicks(Environment.TickCount64 * TimeSpan.TicksPerMillisecond - si.TimestampTicks);
|
||||
PublishServiceLatency(si, elapsed);
|
||||
}
|
||||
|
||||
// Match against destination account's SubList
|
||||
var destSubList = si.DestinationAccount.SubList;
|
||||
var result = destSubList.Match(targetSubject);
|
||||
@@ -1498,6 +1527,36 @@ public sealed class NatsServer : IMessageRouter, ISubListAccess, IDisposable
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Creates a temporary reverse service import in the exporter's account so that
|
||||
/// when the exporter publishes a response to the reply subject, the message is
|
||||
/// forwarded back to the importer's account where the reply subscription lives.
|
||||
/// Go reference: client.go setupResponseServiceImport.
|
||||
/// </summary>
|
||||
private static void SetupResponseServiceImport(Account exporterAccount, Account importerAccount, string replyTo, ServiceExport? export = null)
|
||||
{
|
||||
// Check if a reverse import for this reply subject already exists
|
||||
if (exporterAccount.Imports.Services.ContainsKey(replyTo))
|
||||
return;
|
||||
|
||||
// Determine if we should track latency for this response
|
||||
var shouldTrack = export?.Latency is { } latency && LatencyTracker.ShouldSample(latency);
|
||||
|
||||
var reverseImport = new ServiceImport
|
||||
{
|
||||
DestinationAccount = importerAccount,
|
||||
From = replyTo,
|
||||
To = replyTo,
|
||||
IsResponse = true,
|
||||
UsePub = true,
|
||||
Export = export,
|
||||
Tracking = shouldTrack,
|
||||
// Store start time as TickCount64 (milliseconds) converted to ticks for elapsed computation
|
||||
TimestampTicks = shouldTrack ? Environment.TickCount64 * TimeSpan.TicksPerMillisecond : 0,
|
||||
};
|
||||
exporterAccount.Imports.AddServiceImport(reverseImport);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Maps a published subject from the import "From" pattern to the "To" pattern.
|
||||
/// For example, if From="requests.>" and To="api.>" and subject="requests.test",
|
||||
@@ -1633,11 +1692,54 @@ public sealed class NatsServer : IMessageRouter, ISubListAccess, IDisposable
|
||||
acc.MaxConnections = config.MaxConnections;
|
||||
acc.MaxSubscriptions = config.MaxSubscriptions;
|
||||
acc.DefaultPermissions = config.DefaultPermissions;
|
||||
|
||||
// Wire exports from config
|
||||
if (config.Exports != null)
|
||||
{
|
||||
foreach (var export in config.Exports)
|
||||
{
|
||||
if (export.Service is { Length: > 0 } svc)
|
||||
{
|
||||
ServiceLatency? latency = export.LatencySubject is { Length: > 0 }
|
||||
? new ServiceLatency { Subject = export.LatencySubject, SamplingPercentage = export.LatencySampling }
|
||||
: null;
|
||||
acc.AddServiceExport(svc, Imports.ServiceResponseType.Singleton, approved: null, latency: latency);
|
||||
}
|
||||
else if (export.Stream is { Length: > 0 } strm)
|
||||
{
|
||||
acc.AddStreamExport(strm, approved: null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Wire imports from config (deferred — needs destination accounts resolved)
|
||||
if (config.Imports != null)
|
||||
WireAccountImports(acc, config.Imports);
|
||||
}
|
||||
|
||||
return acc;
|
||||
});
|
||||
}
|
||||
|
||||
private void WireAccountImports(Account importer, List<Auth.ImportDefinition> imports)
|
||||
{
|
||||
foreach (var imp in imports)
|
||||
{
|
||||
if (imp.ServiceAccount is { Length: > 0 } svcAcct && imp.ServiceSubject is { Length: > 0 } svcSubj)
|
||||
{
|
||||
var dest = GetOrCreateAccount(svcAcct);
|
||||
var localSubject = imp.To ?? svcSubj;
|
||||
importer.AddServiceImport(dest, from: localSubject, to: svcSubj);
|
||||
}
|
||||
else if (imp.StreamAccount is { Length: > 0 } strmAcct && imp.StreamSubject is { Length: > 0 } strmSubj)
|
||||
{
|
||||
var source = GetOrCreateAccount(strmAcct);
|
||||
var localSubject = imp.To ?? strmSubj;
|
||||
importer.AddStreamImport(source, from: strmSubj, to: localSubject);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Returns true if the subject belongs to the $SYS subject space.
|
||||
/// Reference: Go server/server.go — isReservedSubject.
|
||||
@@ -1675,6 +1777,25 @@ public sealed class NatsServer : IMessageRouter, ISubListAccess, IDisposable
|
||||
return account?.SubList ?? _globalAccount.SubList;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Publishes a service latency metric message to the configured latency subject.
|
||||
/// Go reference: client.go processServiceImport — trackLatency path.
|
||||
/// </summary>
|
||||
private void PublishServiceLatency(ServiceImport si, TimeSpan elapsed)
|
||||
{
|
||||
var latency = si.Export?.Latency;
|
||||
if (latency == null || string.IsNullOrEmpty(latency.Subject))
|
||||
return;
|
||||
|
||||
var msg = LatencyTracker.BuildLatencyMsg(
|
||||
requestor: si.DestinationAccount.Name,
|
||||
responder: si.Export?.Account?.Name ?? "unknown",
|
||||
serviceLatency: elapsed,
|
||||
totalLatency: elapsed);
|
||||
|
||||
SendInternalMsg(latency.Subject, reply: null, msg);
|
||||
}
|
||||
|
||||
public void SendInternalMsg(string subject, string? reply, object? msg)
|
||||
{
|
||||
_eventSystem?.Enqueue(new PublishMessage { Subject = subject, Reply = reply, Body = msg });
|
||||
|
||||
Reference in New Issue
Block a user