nats-io / terraform-provider-jetstream

Terraform Provider to manage NATS JetStream
Apache License 2.0

Support creating operators, accounts and users #129

Open ripienaar opened 1 month ago

ripienaar commented 1 month ago

What motivated this proposal?

The new library that allows these things to be done from Go

What is the proposed change?

Write new resources matching operators, accounts, users, imports, exports, etc.

Who benefits from this change?

No response

What alternatives have you evaluated?

No response

ripienaar commented 1 month ago
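// Operator DEVCO: the accounts, users, exports and imports in this sketch all
// name it via `operator = "DEVCO"`.
// NOTE(review): the sketch only talks about exporting the public key; it does
// not say where the operator seed is kept. If the provider stores it in
// Terraform state, the attribute should be marked sensitive and the state
// backend encrypted and access-controlled — confirm before implementing.
resource "nats_operator" "DEVCO" {
  service_url = "https://...." // optional
  tags        = ["foo", "bar"] // optional; tag values are strings, so they are quoted
} // should export its public key as data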

// Signing key belonging to operator DEVCO. Its public key has to be readable
// as data by other resources. Signing keys really ought to carry some kind of
// description, but that is not supported at the moment.
// NOTE(review): as with the operator, the sketch does not say where the
// private half of this key is stored — confirm it is never exposed as a
// non-sensitive attribute.
resource "nats_operator_sk" "FOO" {
  depends_on = [nats_operator.DEVCO]
  operator   = "DEVCO"
} // should export its public key as data

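// Account WEATHER_SERVICE under operator DEVCO, with explicit limits, tags and
// an expiry time.
resource "nats_account" "WEATHER_SERVICE" {
  operator = "DEVCO"

  limits = { // optional
    // NOTE(review): presumably this lets users of the account be issued bearer
    // tokens. A bearer JWT authenticates without the client proving it holds
    // the user's private key, so a leaked JWT alone is enough to connect.
    // Consider making false the default and requiring an explicit opt-in.
    bearer_tokens = true
    connections   = 1000
    leafnodes     = 100
    payload       = 1024
    subscriptions = 100000
  }

  tags = ["foo", "bar"] // optional; tag values are strings, so they are quoted
  // NOTE(review): no timezone is given — confirm whether this is read as UTC.
  expires = "2028-01-01 00:00:00" // optional

  depends_on = [
    nats_operator.DEVCO
  ]
} // should export its public key as data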

// Account USERS under operator DEVCO. No limits or expiry are set here, so
// whatever defaults the provider chooses apply.
// NOTE(review): confirm those defaults are restrictive rather than unlimited.
resource "nats_account" "USERS" {
  depends_on = [nats_operator.DEVCO]
  operator   = "DEVCO"
} // should export its public key as data

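// Export of subject weather.v1.> from account WEATHER_SERVICE.
// NOTE(review): the sketch has no attribute for restricting which accounts may
// import this export. Confirm whether an unrestricted export is the intended
// default, or whether a "token required" style option is needed.
resource "nats_account_export" "WEATHER" {
  operator = "DEVCO"
  account  = "WEATHER_SERVICE"
  subject  = "weather.v1.>"

  // List elements must be comma-separated in HCL. The export lives in
  // WEATHER_SERVICE, so that is the account that has to exist first.
  depends_on = [
    nats_operator.DEVCO,
    nats_account.WEATHER_SERVICE,
  ]

  // optional below
  description = "V1 Weather Service"
  url         = "https://...."
  // NOTE(review): Terraform provider schemas accept only lowercase letters,
  // digits and underscores in attribute names, so this would have to become
  // token_position in a real schema.
  token-position = 2
  advertise      = true
} // should export its public key as data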

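// User BOB in account USERS under operator DEVCO, with optional signer, limits
// and publish/subscribe permissions. `[ tags ]` and `[ subjects ]` below are
// placeholders for lists of strings, not literal values.
// NOTE(review): the sketch exports the public key only; it does not say how
// the user's seed or credentials reach the client. If they are resource
// attributes they will be written to Terraform state and must be marked
// sensitive — confirm.
resource "nats_user" "BOB" {
  operator = "DEVCO"
  account  = "USERS"

  // List elements must be comma-separated in HCL.
  depends_on = [
    nats_operator.DEVCO,
    nats_account.USERS,
  ]

  // optional below
  signer = "ID_OF_SIGNINGLEY" // should be looked up by id, see comments below
  tags   = [ tags ]

  limits = {
    payload = 10000
    // NOTE(review): a bearer-token user can connect with the JWT alone, with
    // no proof that the client holds the user's private key. Enable only where
    // a client cannot sign, and pair it with a short expiry.
    bearer_tokens = true
    subscriptions = 100
  }

  // Subject permissions. Keeping the allow lists as narrow as the client
  // actually needs limits what a stolen credential can reach.
  // NOTE(review): the behaviour when publish/subscribe are omitted is not
  // shown here — confirm it does not default to allowing every subject.
  publish = {
    allow = [ subjects ]
    deny  = [ subjects ]
  }

  subscribe = {
    allow = [ subjects ]
    deny  = [ subjects ]
  }
} // should export its public key as data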

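// Import into account USERS of subject weather.v1.> from the account whose
// public key is given in `source`, mapped locally to services.weather.v1.>.
resource "nats_import" "USERS_WEATHER_SERVICE" {
  operator = "DEVCO"
  account  = "USERS"
  subject  = "weather.v1.>"
  local    = "services.weather.v1.>"

  // How to fetch the public key from the account resource automatically?
  // Otherwise this could not converge in one run. If the public key were used
  // as the resource id, it could be read as nats_account.WEATHER_SERVICE.id to
  // do the fetch here; that is probably the way to go. All IDs should probably
  // be generated that way, as that is already done for the JWTs.
  // NOTE(review): a reference to nats_account.WEATHER_SERVICE.id would also
  // tie the import to the exact exporting account rather than a pasted string.
  source = "WEATHER_SERVICE_PUBLIC_KEY"

  // List elements must be comma-separated in HCL.
  depends_on = [
    nats_operator.DEVCO,
    nats_account.USERS,
  ]

  // optional below
  // NOTE(review): presumably `share` discloses requester details to the
  // exporting account and `traceable` allows message tracing across the
  // import. Confirm the semantics and consider defaulting both to false.
  share     = true
  traceable = true
  service   = true
} // should export its public key as data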