Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there a reason, why there is no ressource to add User ? #100

Closed
fasibio opened this issue Oct 4, 2023 · 6 comments
Closed

Is there a reason, why there is no ressource to add User ? #100

fasibio opened this issue Oct 4, 2023 · 6 comments
Labels
proposal Enhancement idea or proposal

Comments

@fasibio
Copy link

fasibio commented Oct 4, 2023

What motivated this proposal?

Want to add new User. to split permission f.E. new users

What is the proposed change?

Make it possible to Add new User, so each serivce with connection to nats can create his own user by deployment and use them by deployed service.

Who benefits from this change?

User is a "ressoure" as well. so it make sense this is manageable

What alternatives have you evaluated?

No response
@fasibio fasibio added the proposal Enhancement idea or proposal label Oct 4, 2023
@ripienaar
Copy link
Collaborator

Never had a request for this tbh, with the user store being just files on your local disk it’s kind of weird.

We are working on a library that supports pluggable stores like maybe jetstream KV and that could be used for something like this but it’s some way off.

@fasibio
Copy link
Author

fasibio commented Oct 4, 2023

Oh i am not sure if with missunderstand each other, so i will try to explain with other words.
At the moment i use nsc add user -a $NATS_ACCOUNT_NAME -n $NATS_USER_NAME and its hard to handle this value by service creation. So the idea was to handle this over TF.

resource "jetstream_user" "SERVICE_A" {
  name = "service A "
  account= "FOO"
 allow-pub =  ["A.*", "B.>"]
allow-sub = [...]
... 
}

But I understand what you mean. This Ressource will only be handled locally...
I am also not sure... but its hard to handle this dezentral at the moment..

@ripienaar
Copy link
Collaborator

Yes, I know that's what you want to achieve. I am saying nsc only really just store the "database" in your local machine, thats not really what TF is for.

Eventually we could support other data stored for nsc, like a stream or kv, and then having a TF provider make sense.

Further nsc has no API for anything else to build on. We are currently building that API to enable this kind of thing (though nats CLI will be first target)

@fasibio
Copy link
Author

fasibio commented Oct 13, 2023

Yes, I know that's what you want to achieve. I am saying nsc only really just store the "database" in your local machine, thats not really what TF is for. => I am not 100% agree here.

I understand you point but ressources like f.E.:

random_password also store this data only locally.

@ripienaar
Copy link
Collaborator

ripienaar commented Oct 13, 2023
edited
Loading

Just because they do a bad thing doesnt mean we should :)

But no, the way the terraform random resource works is by using unique seeds to generate preditcable outputs and then to store it in the state. Same as any other TF resource. For state resiliance it can go in remote stores like S3 or whatever. The fact that it starts as single use local storage is nice to start with but not how you use terraform in production.

In constrast with nsc a local disk store is the only possible supported store right now and there are no other options, this is not in line with how TF is used or what its for.

Once we have network stores for the nsc database we can revist, for now I am afraid its not something we'll work on.

@ripienaar
Copy link
Collaborator

Closing in favour of #129

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
proposal Enhancement idea or proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ripienaar @fasibio