fix(nats): no_auth_user is top-level, not inside authorization{} — broke broker startup

Caught during the live cutover: nats-server rejects 'unknown field no_auth_user' when it is nested in the authorization block, taking the whole broker down. Both the generator (open stage) and the committed bootstrap default emitted it nested. Moved to top level. Enforce-stage output was unaffected (no no_auth_user), which is what the live broker now runs. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 12:47:14 -04:00
parent 463908b18e
commit 856106174a
2 changed files with 8 additions and 4 deletions
--- a/docker/nats-auth.conf
+++ b/docker/nats-auth.conf
@@ -8,9 +8,11 @@
 # On every real deploy, scripts/generate-nats-auth.mjs OVERWRITES this file
 # (on the host, not in git) with the privileged internal user + per-license
 # scoped users. NATS_AUTH_STAGE defaults to "enforce" (anonymous rejected).
+#
+# NOTE: no_auth_user is a TOP-LEVEL field, NOT inside authorization { }.
 authorization {
  users: [
    { user: "anonymous", password: "", permissions: { publish: { allow: ["corrosion.unclaimed.>"] }, subscribe: { allow: ["corrosion.unclaimed.>"] } } }
  ]
-  no_auth_user: "anonymous"
 }
+no_auth_user: "anonymous"
--- a/scripts/generate-nats-auth.mjs
+++ b/scripts/generate-nats-auth.mjs
@@ -86,10 +86,12 @@ const main = async () => {
    lines.push('    { user: "anonymous", password: "", permissions: { publish: { allow: ["corrosion.unclaimed.>"] }, subscribe: { allow: ["corrosion.unclaimed.>"] } } }');
  }
  lines.push('  ]');
+  lines.push('}');
+  // no_auth_user is a TOP-LEVEL field, NOT inside authorization { } — nesting
+  // it makes nats-server reject the whole config ("unknown field no_auth_user").
  if (NATS_AUTH_STAGE === 'open') {
    lines.push('no_auth_user: "anonymous"');
  }
-  lines.push('}');
  process.stdout.write(lines.join('\n') + '\n');
 };