feat(inputs.nats_consumer): Add nkey-seed-file authentication (#14375)

plugins/inputs/nats_consumer/README.md

@@ -6,6 +6,10 @@ creates metrics using one of the supported [input data formats][].
 A [Queue Group][queue group] is used when subscribing to subjects so multiple
 instances of telegraf can read from a NATS cluster in parallel.
 
+There are three methods of (optionally) authenticating with NATS:
+[username/password][userpass], [a NATS creds file][creds] (NATS 2.0), or
+an [nkey seed file][nkey] (NATS 2.0).
+
 ## Service Input <!-- @/docs/includes/service_input.md -->
 
 This plugin is a service input. Normal plugins gather metrics determined by the
@@ -51,13 +55,16 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
   ## name a queue group
   queue_group = "telegraf_consumers"
 
-  ## Optional credentials
+  ## Optional authentication with username and password credentials
   # username = ""
   # password = ""
 
-  ## Optional NATS 2.0 and NATS NGS compatible user credentials
+  ## Optional authentication with NATS credentials file (NATS 2.0)
   # credentials = "/etc/telegraf/nats.creds"
 
+  ## Optional authentication with nkey seed file (NATS 2.0)
+  # nkey_seed = "/etc/telegraf/seed.txt"
+
   ## Use Transport Layer Security
   # secure = false
 
@@ -95,6 +102,9 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 [nats]: https://www.nats.io/about/
 [input data formats]: /docs/DATA_FORMATS_INPUT.md
 [queue group]: https://www.nats.io/documentation/concepts/nats-queueing/
+[userpass]: https://docs.nats.io/using-nats/developer/connecting/userpass
+[creds]: https://docs.nats.io/using-nats/developer/connecting/creds
+[nkey]: https://docs.nats.io/using-nats/developer/connecting/nkey
 
 ## Metrics
 

plugins/inputs/nats_consumer/nats_consumer.go

@@ -44,6 +44,7 @@ type natsConsumer struct {
 	Username    string   `toml:"username"`
 	Password    string   `toml:"password"`
 	Credentials string   `toml:"credentials"`
+	NkeySeed    string   `toml:"nkey_seed"`
 	JsSubjects  []string `toml:"jetstream_subjects"`
 
 	tls.ClientConfig
@@ -106,6 +107,14 @@ func (n *natsConsumer) Start(acc telegraf.Accumulator) error {
 		options = append(options, nats.UserCredentials(n.Credentials))
 	}
 
+	if n.NkeySeed != "" {
+		opt, err := nats.NkeyOptionFromSeed(n.NkeySeed)
+		if err != nil {
+			return err
+		}
+		options = append(options, opt)
+	}
+
 	if n.Secure {
 		tlsConfig, err := n.ClientConfig.TLSConfig()
 		if err != nil {

plugins/inputs/nats_consumer/sample.conf

@@ -20,13 +20,16 @@
   ## name a queue group
   queue_group = "telegraf_consumers"
 
-  ## Optional credentials
+  ## Optional authentication with username and password credentials
   # username = ""
   # password = ""
 
-  ## Optional NATS 2.0 and NATS NGS compatible user credentials
+  ## Optional authentication with NATS credentials file (NATS 2.0)
   # credentials = "/etc/telegraf/nats.creds"
 
+  ## Optional authentication with nkey seed file (NATS 2.0)
+  # nkey_seed = "/etc/telegraf/seed.txt"
+
   ## Use Transport Layer Security
   # secure = false