dotnet · eerhardt · Nov 6, 2024 · Oct 11, 2024 · Oct 12, 2024 · Oct 12, 2024
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -125,7 +125,7 @@
     <PackageVersion Include="MongoDB.Driver.Core.Extensions.DiagnosticSources" Version="1.5.0" />
     <PackageVersion Include="MySqlConnector.DependencyInjection" Version="2.3.6" />
     <PackageVersion Include="MySqlConnector.Logging.Microsoft.Extensions.Logging" Version="2.1.0" />
-    <PackageVersion Include="NATS.Net" Version="2.5.2" />
+    <PackageVersion Include="NATS.Net" Version="2.5.3" />
     <PackageVersion Include="Npgsql.DependencyInjection" Version="8.0.5" />
     <PackageVersion Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="$(NpgsqlEntityFrameworkCorePostgreSQLPackageVersion)" />
     <PackageVersion Include="OpenAI" Version="2.0.0" />
@@ -201,4 +201,4 @@
     <PackageVersion Include="System.Formats.Asn1" Version="$(SystemFormatsAsn1PackageVersion)" />
     <PackageVersion Include="System.Text.Json" Version="$(SystemTextJsonPackageVersion)" />
   </ItemGroup>
-</Project>
+</Project>
diff --git a/playground/nats/Nats.AppHost/aspire-manifest.json b/playground/nats/Nats.AppHost/aspire-manifest.json
@@ -3,9 +3,13 @@
   "resources": {
     "nats": {
       "type": "container.v0",
-      "connectionString": "nats://{nats.bindings.tcp.host}:{nats.bindings.tcp.port}",
+      "connectionString": "nats://nats:{nats-password.value}@{nats.bindings.tcp.host}:{nats.bindings.tcp.port}",
       "image": "docker.io/library/nats:2.10",
       "args": [
+        "--user",
+        "nats",
+        "--pass",
+        "{nats-password.value}",
         "-js"
       ],
       "bindings": {
@@ -66,6 +70,22 @@
           "transport": "http"
         }
       }
+    },
+    "nats-password": {
+      "type": "parameter.v0",
+      "value": "{nats-password.inputs.value}",
+      "inputs": {
+        "value": {
+          "type": "string",
+          "secret": true,
+          "default": {
+            "generate": {
+              "minLength": 22,
+              "special": false
+            }
+          }
+        }
+      }
     }
   }
 }
diff --git a/src/Aspire.Hosting.Nats/NatsBuilderExtensions.cs b/src/Aspire.Hosting.Nats/NatsBuilderExtensions.cs
@@ -19,6 +19,7 @@ public static class NatsBuilderExtensions
 {
     /// <summary>
     /// Adds a NATS server resource to the application model. A container is used for local development.
+    /// This configures a default user name and password for the NATS server.
     /// </summary>
     /// <remarks>
     /// This version of the package defaults to the <inheritdoc cref="NatsContainerImageTags.Tag"/> tag of the <inheritdoc cref="NatsContainerImageTags.Image"/> container image.
@@ -27,12 +28,30 @@ public static class NatsBuilderExtensions
     /// <param name="name">The name of the resource. This name will be used as the connection string name when referenced in a dependency.</param>
     /// <param name="port">The host port for NATS server.</param>
     /// <returns>The <see cref="IResourceBuilder{T}"/>.</returns>
-    public static IResourceBuilder<NatsServerResource> AddNats(this IDistributedApplicationBuilder builder, [ResourceName] string name, int? port = null)
+    public static IResourceBuilder<NatsServerResource> AddNats(this IDistributedApplicationBuilder builder, [ResourceName] string name, int? port)
+    {
+        return AddNats(builder, name, port, null);
+    }
+
+    /// <summary>
+    /// Adds a NATS server resource to the application model. A container is used for local development.
+    /// </summary>
+    /// <param name="builder">The <see cref="IDistributedApplicationBuilder"/>.</param>
+    /// <param name="name">The name of the resource. This name will be used as the connection string name when referenced in a dependency.</param>
+    /// <param name="port">The host port for NATS server.</param>
+    /// <param name="userName">The parameter used to provide the user name for the PostgreSQL resource. If <see langword="null"/> a default value will be used.</param>
+    /// <param name="password">The parameter used to provide the administrator password for the PostgreSQL resource. If <see langword="null"/> a random password will be generated.</param>
+    /// <returns>The <see cref="IResourceBuilder{T}"/>.</returns>
+    public static IResourceBuilder<NatsServerResource> AddNats(this IDistributedApplicationBuilder builder, [ResourceName] string name, int? port = null,
+        IResourceBuilder<ParameterResource>? userName = null,
+        IResourceBuilder<ParameterResource>? password = null)
     {
         ArgumentNullException.ThrowIfNull(builder);
         ArgumentNullException.ThrowIfNull(name);
 
-        var nats = new NatsServerResource(name);
+        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, $"{name}-password", special: false);
+
+        var nats = new NatsServerResource(name, userName?.Resource, passwordParameter);
 
         NatsConnection? natsConnection = null;
 
@@ -46,7 +65,15 @@ public static IResourceBuilder<NatsServerResource> AddNats(this IDistributedAppl
                 LoggerFactory = @event.Services.GetRequiredService<ILoggerFactory>(),
             };
 
-            options = options with { Url = connectionString };
+            options = options with
+            {
+                Url = connectionString,
+                AuthOpts = new()
+                {
+                    Username = await nats.UserNameReference.GetValueAsync(ct).ConfigureAwait(false),
+                    Password = nats.PasswordParameter!.Value,
+                }
+            };
 
             natsConnection = new NatsConnection(options);
         });
@@ -61,10 +88,17 @@ public static IResourceBuilder<NatsServerResource> AddNats(this IDistributedAppl
               timeout: default));
 
         return builder.AddResource(nats)
-                      .WithEndpoint(targetPort: 4222, port: port, name: NatsServerResource.PrimaryEndpointName)
-                      .WithImage(NatsContainerImageTags.Image, NatsContainerImageTags.Tag)
-                      .WithImageRegistry(NatsContainerImageTags.Registry)
-                      .WithHealthCheck(healthCheckKey);
+            .WithEndpoint(targetPort: 4222, port: port, name: NatsServerResource.PrimaryEndpointName)
+            .WithImage(NatsContainerImageTags.Image, NatsContainerImageTags.Tag)
+            .WithImageRegistry(NatsContainerImageTags.Registry)
+            .WithHealthCheck(healthCheckKey)
+            .WithArgs(context =>
+            {
+                context.Args.Add("--user");
+                context.Args.Add(nats.UserNameReference);
+                context.Args.Add("--pass");
+                context.Args.Add(nats.PasswordParameter!);
+            });
     }
 
     /// <summary>

diff --git a/src/Aspire.Hosting.Nats/NatsServerResource.cs b/src/Aspire.Hosting.Nats/NatsServerResource.cs
@@ -10,25 +10,65 @@ namespace Aspire.Hosting.ApplicationModel;
 /// A resource that represents a NATS server container.
 /// </summary>
 /// <param name="name">The name of the resource.</param>
-
 public class NatsServerResource(string name) : ContainerResource(ThrowIfNull(name)), IResourceWithConnectionString
 {
     internal const string PrimaryEndpointName = "tcp";
     internal const string PrimaryNatsSchemeName = "nats";
+    private const string DefaultUserName = "nats";
 
     private EndpointReference? _primaryEndpoint;
 
+    /// <summary>
+    /// Initializes a new instance of the <see cref="NatsServerResource"/> class.
+    /// </summary>
+    /// <param name="name">The name of the resource.</param>
+    /// <param name="userName">A parameter that contains the NATS server user name, or <see langword="null"/> to use a default value.</param>
+    /// <param name="password">A parameter that contains the NATS server password.</param>
+    public NatsServerResource(string name, ParameterResource? userName, ParameterResource? password) : this(name)
+    {
+        UserNameParameter = userName;
+        PasswordParameter = password;
+    }
+
     /// <summary>
     /// Gets the primary endpoint for the NATS server.
     /// </summary>
     public EndpointReference PrimaryEndpoint => _primaryEndpoint ??= new(this, PrimaryEndpointName);
 
+    /// <summary>
+    /// Gets or sets the user name for the NATS server.
+    /// </summary>
+    public ParameterResource? UserNameParameter { get; set; }
+
+    internal ReferenceExpression UserNameReference =>
+        UserNameParameter is not null ?
+            ReferenceExpression.Create($"{UserNameParameter}") :
+            ReferenceExpression.Create($"{DefaultUserName}");
+
+    /// <summary>
+    /// Gets or sets the password for the NATS server.
+    /// </summary>
+    public ParameterResource? PasswordParameter { get; set; }
+
     /// <summary>
     /// Gets the connection string expression for the NATS server.
     /// </summary>
-    public ReferenceExpression ConnectionStringExpression =>
-        ReferenceExpression.Create(
-            $"{PrimaryNatsSchemeName}://{PrimaryEndpoint.Property(EndpointProperty.Host)}:{PrimaryEndpoint.Property(EndpointProperty.Port)}");
+    public ReferenceExpression ConnectionStringExpression => BuildConnectionString();
+
+    internal ReferenceExpression BuildConnectionString()
+    {
+        var builder = new ReferenceExpressionBuilder();
+        builder.AppendLiteral($"{PrimaryNatsSchemeName}://");
+
+        if (PasswordParameter is not null)
+        {
+            builder.Append($"{UserNameReference}:{PasswordParameter}@");
+        }
+
+        builder.Append($"{PrimaryEndpoint.Property(EndpointProperty.Host)}:{PrimaryEndpoint.Property(EndpointProperty.Port)}");
+
+        return builder.Build();
+    }
 
     private static string ThrowIfNull([NotNull] string? argument, [CallerArgumentExpression(nameof(argument))] string? paramName = null)
         => argument ?? throw new ArgumentNullException(paramName);

diff --git a/src/Aspire.Hosting.Nats/PublicAPI.Shipped.txt b/src/Aspire.Hosting.Nats/PublicAPI.Shipped.txt
@@ -4,7 +4,7 @@ Aspire.Hosting.ApplicationModel.NatsServerResource.ConnectionStringExpression.ge
 Aspire.Hosting.ApplicationModel.NatsServerResource.NatsServerResource(string! name) -> void
 Aspire.Hosting.ApplicationModel.NatsServerResource.PrimaryEndpoint.get -> Aspire.Hosting.ApplicationModel.EndpointReference!
 Aspire.Hosting.NatsBuilderExtensions
-static Aspire.Hosting.NatsBuilderExtensions.AddNats(this Aspire.Hosting.IDistributedApplicationBuilder! builder, string! name, int? port = null) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>!
+static Aspire.Hosting.NatsBuilderExtensions.AddNats(this Aspire.Hosting.IDistributedApplicationBuilder! builder, string! name, int? port) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>!
 static Aspire.Hosting.NatsBuilderExtensions.WithDataBindMount(this Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>! builder, string! source, bool isReadOnly = false) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>!
 static Aspire.Hosting.NatsBuilderExtensions.WithDataVolume(this Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>! builder, string? name = null, bool isReadOnly = false) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>!
 static Aspire.Hosting.NatsBuilderExtensions.WithJetStream(this Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>! builder) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>!

diff --git a/src/Aspire.Hosting.Nats/PublicAPI.Unshipped.txt b/src/Aspire.Hosting.Nats/PublicAPI.Unshipped.txt
@@ -1,2 +1,7 @@
 #nullable enable
-
+Aspire.Hosting.ApplicationModel.NatsServerResource.NatsServerResource(string! name, Aspire.Hosting.ApplicationModel.ParameterResource? userName, Aspire.Hosting.ApplicationModel.ParameterResource? password) -> void
+Aspire.Hosting.ApplicationModel.NatsServerResource.PasswordParameter.get -> Aspire.Hosting.ApplicationModel.ParameterResource?
+Aspire.Hosting.ApplicationModel.NatsServerResource.PasswordParameter.set -> void
+Aspire.Hosting.ApplicationModel.NatsServerResource.UserNameParameter.get -> Aspire.Hosting.ApplicationModel.ParameterResource?
+Aspire.Hosting.ApplicationModel.NatsServerResource.UserNameParameter.set -> void
+static Aspire.Hosting.NatsBuilderExtensions.AddNats(this Aspire.Hosting.IDistributedApplicationBuilder! builder, string! name, int? port = null, Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.ParameterResource!>? userName = null, Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.ParameterResource!>? password = null) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.NatsServerResource!>!