-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnats.tmpl
52 lines (48 loc) · 2.99 KB
/
nats.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
server_name: "{{ .ServerName }}"
listen: ":{{ .Port }}"
jetstream: enabled
jetstream {
store_dir: "{{ .JetstreamStore }}"
max_mem: 1G
max_file: 5G
}
tls {
cert_file: "{{ .NATSCertPath }}"
key_file: "{{ .NATSKeyPath }}"
ca_file: "{{ .NATSCAPath }}"
verify_and_map: true
ocsp_peer: true
}
authorization: {
users = [
{user: "CN=OpenUEM Cert-Manager Worker,OU=worker,O={{ .Org }},POSTALCODE={{ .PostalCode }},STREET={{ .Street }},L={{ .Locality }},ST={{ .Province }},C={{ .Country }},", permissions: {
sub: {
allow: ["_INBOX.>", "certificates.>", "ping.certmanagerworker openuem-cert-manager", "$JS.API.STREAM.CREATE.>", "$JS.API.STREAM.UPDATE.>", "$JS.API.CONSUMER.CREATE.>", "$JS.API.CONSUMER.MSG.NEXT.>", "$JS.ACK.>", "$JS.NACK.>"]
}
}},
{user: "CN=OpenUEM Notification Worker,OU=worker,O={{ .Org }},POSTALCODE={{ .PostalCode }},STREET={{ .Street }},L={{ .Locality }},ST={{ .Province }},C={{ .Country }},", permissions: {
sub: {
allow: ["_INBOX.>", "notification.>", "ping.notificationworker openuem-notification", "$JS.API.STREAM.CREATE.>", "$JS.API.STREAM.UPDATE.>", "$JS.API.CONSUMER.CREATE.>", "$JS.API.CONSUMER.MSG.NEXT.>", "$JS.ACK.>", "$JS.NACK.>"]
}
}},
{user: "CN=OpenUEM Console,O={{ .Org }},POSTALCODE={{ .PostalCode }},STREET={{ .Street }},L={{ .Locality }},ST={{ .Province }},C={{ .Country }},", permissions: {
publish: ["agent.>", "agentrollback.>", "notification.>", "certificates.>", "ping.>", "server.update.>", "$JS.API.STREAM.CREATE.>", "$JS.API.STREAM.UPDATE.>",]
}},
{user: "CN=OpenUEM Updater Client,OU=updater,O={{ .Org }},POSTALCODE={{ .PostalCode }},STREET={{ .Street }},L={{ .Locality }},ST={{ .Province }},C={{ .Country }},", permissions: {
sub: {
allow: ["_INBOX.>", "server.update.>", "$JS.API.CONSUMER.CREATE.>", "$JS.API.CONSUMER.MSG.NEXT.>", "$JS.ACK.>", "$JS.NACK.>"]
}
}},
{user: "CN=OpenUEM Agent Worker,OU=worker,O={{ .Org }},POSTALCODE={{ .PostalCode }},STREET={{ .Street }},L={{ .Locality }},ST={{ .Province }},C={{ .Country }},", permissions: {
sub: {
allow: ["report openuem-agents", "deployresult openuem-agents", "ping.agentworker openuem-agents", "agentconfig openuem-agents"]
}
}},
{user: "CN=OpenUEM Agent,OU=agent,O={{ .Org }},POSTALCODE={{ .PostalCode }},STREET={{ .Street }},L={{ .Locality }},ST={{ .Province }},C={{ .Country }},", permissions: {
sub: {
allow: ["_INBOX.>", "agent.update.>", "agentrollback.>", "agent.certificate", "agent.newconfig", "agent.installpackage.>", "agent.uninstallpackage.>", "agent.updatepackage.>", "agent.enable.>", "agent.disable.>", "agent.report.>","agent.startvnc.> openuem-agent-management", "agent.stopvnc.> openuem-agent-management", "agent.restart.> openuem-agent-management"]
},
publish: ["report", "_INBOX.>", "deployresult", "agentconfig","$JS.API.STREAM.INFO.AGENTS_STREAM", "$JS.API.CONSUMER.CREATE.>", "$JS.API.CONSUMER.MSG.NEXT.>", "$JS.ACK.>", "$JS.NACK.>"]
}},
]
}