Configure TLS for connection to NATS KV #9036

Open
bennycooly opened this issue May 1, 2024 · 4 comments

@bennycooly
Contributor

Is your feature request related to a problem? Please describe.

Currently there are options to connect to the events bus (NATS) with certificates provided in env vars:

  • OCIS_EVENTS_ENABLE_TLS
  • OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE

However, there aren't any similar env vars to connect to the registry when using nats-js-kv.

Describe the solution you'd like

Add similar env vars to connect to the app registry:

  • OCIS_REGISTRY_ENABLE_TLS
  • OCIS_REGISTRY_TLS_ROOT_CA_CERTIFICATE

The NATS options can be configured in the file:
https://github.com/owncloud/ocis/blob/master/ocis-pkg/natsjsregistry/registry.go#L170-L182

Describe alternatives you've considered

Currently we'd have to disable TLS completely in our NATS instance, or have a separate NATS instance just for the registry.

Additional context

@micbar
Contributor

micbar commented May 2, 2024

@kobergj Can you take a look please?

@kobergj
Collaborator

kobergj commented May 2, 2024

Yes. Absolutely valid point. This was not taken into account on initial implementation, but should be fairly easy to implement.

We should also add an option to add TLS config for the nats-js-kv stores, not only for the registry: https://github.com/cs3org/reva/blob/edge/pkg/store/store.go#L139-L151

But maybe we should adjust envvar names so we can reuse the same on all NATS-related features (events/stores/caches/registry)? I mean this will probably always be the same anyways.

@micbar
Contributor

micbar commented May 2, 2024

> But maybe we should adjust envvar names so we can reuse the same on all NATS-related features (events/stores/caches/registry)? I mean this will probably always be the same anyways.

I strongly vote for sticking to KISS

@kobergj
Collaborator

kobergj commented May 2, 2024

> I strongly vote for sticking to KISS

So that means we add new envvars OCIS_NATS_ENABLE_TLS and OCIS_NATS_TLS_ROOT_CA_CERTIFICATE and use them everywhere? We can deprecate the existing events TLS envvars.
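
An added example, not oCIS code and not part of any comment above: one way the requested variables could be turned into a client TLS configuration, with the prefix as a parameter so the same function serves the `OCIS_REGISTRY_*` names from the issue and the `OCIS_NATS_*` names proposed in the last comment. It assumes the certificate variable holds a path to a PEM file; `natsTLSConfig` and its parameters are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
	"strconv"
)

// natsTLSConfig builds the client TLS settings for one NATS consumer from
// <prefix>_ENABLE_TLS and <prefix>_TLS_ROOT_CA_CERTIFICATE.
// Assumption: the certificate variable holds a path to a PEM file.
// It returns (nil, nil) when TLS is not enabled.
func natsTLSConfig(prefix string, getenv func(string) string) (*tls.Config, error) {
	enableKey, caKey := prefix+"_ENABLE_TLS", prefix+"_TLS_ROOT_CA_CERTIFICATE"
	raw := getenv(enableKey)
	if raw == "" {
		return nil, nil
	}
	enabled, err := strconv.ParseBool(raw)
	if err != nil {
		// A typo must not silently downgrade the connection to plaintext.
		return nil, fmt.Errorf("%s=%q is not a boolean: %w", enableKey, raw, err)
	}
	if !enabled {
		return nil, nil
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	path := getenv(caKey)
	if path == "" {
		return cfg, nil // no private CA configured: verify against system roots
	}
	pem, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("%s: %w", caKey, err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pem) {
		// Fail closed instead of falling back to another trust store.
		return nil, fmt.Errorf("%s: no certificate found in %s", caKey, path)
	}
	cfg.RootCAs = pool
	return cfg, nil
}

func main() {
	cfg, err := natsTLSConfig("OCIS_REGISTRY", os.Getenv)
	fmt.Println(cfg != nil, err)
}
```

The returned `*tls.Config` is the type that the `nats.Secure` option in nats.go accepts; a `nil` result means the caller connects without TLS.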
