nats-io / nack

NATS Controllers for Kubernetes (NACK)

Authorization Violation connection issue with management through accounts

andreyreshetnikov-zh opened this issue · comments

Hello everyone, there is a problem with creating resources using NACK.

versions:
nats: nats:2.9.8-alpine, deployed by helm chart 0.19.1
nack: jetstream-controller:0.8.0, deployed by helm chart 0.19.0 and CRD v0.8.0

NACK config:

jetstream:
  enabled: true

resources:
  limits:
    cpu: 500m
    memory: 1024Mi
  requests:
    cpu: 100m
    memory: 256Mi

After deployment, NACK works well; there are no errors in the logs.
I want to manage many resources in different accounts, so after creating an account in NATS, I added the credentials of this account to the secrets of k8s and created an Account entity:

---
apiVersion: jetstream.nats.io/v1beta2
kind: Account
metadata:
  name: test
spec:
  name: test
  servers:
  - nats://nats.${URL}:4222
  creds:
    secret:
      name: nats-nack-account-test
    file: nats-nack-account-test.creds

Next, I tried to create a Stream using this account and added a stream:

---
apiVersion: jetstream.nats.io/v1beta2
kind: Stream
metadata:
  name: test-nack
spec:
  name: test-nack
  subjects: ["foo", "foo.>"]
  storage: file
  replicas: 1
  account: test

After that, errors appeared in the NACK logs:

 failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation

I rechecked the URL and the account's secrets; everything is correct and there are no errors.

It's important that if I specify this account directly in the NACK config, then everything works without errors and the Stream is created:

jetstream:
  enabled: true

  nats:
     url: nats://nats.${URL}:4222
     credentials:
        secret:
          name: nats-nack-account-test
          key: "nats-nack-account-test.creds"

resources:
  limits:
    cpu: 500m
    memory: 1024Mi
  requests:
    cpu: 100m
    memory: 256Mi

But in this configuration, I can only manage one account, so it's not suitable.

Could you tell me what the error may be and how to solve it? klogLevel: 10 does not add clarity.

I also tested with different versions and got the same error:

nack-0.19.0(image 0.8.0)
E1222 15:53:21.213459       1 controller.go:416] failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation

nack-0.18.0(image v0.7.4)
E1222 15:53:21.213459       1 controller.go:416] failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation

nack-0.17.5(image 0.7.4) 
E1222 15:53:21.213459       1 controller.go:416] failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation

@wallyqs thank you a lot! It works great, no errors!