Introduce Storage Bucket Resource

[maveonair]

Description

This pull request aims to improve the capabilities of this Terraform provider by adding support for managing storage buckets and their access keys.

Proposed resource definitions

Storage Bucket Creation

resource "incus_storage_bucket" "bucket1" {
  name    = "bucket1"
  project = "default"
  pool    = "default"
}

resource "incus_storage_bucket_key" "reader" {
  name           = "reader"
  description    = "Read-Only User"
  pool           = incus_storage_bucket.bucket1.pool
  storage_bucket = incus_storage_bucket.bucket1.name
}

resource "incus_storage_bucket_key" "writer" {
  name           = "writer"
  description    = "Write User"
  role           = "admin"
  pool           = incus_storage_bucket.bucket1.pool
  storage_bucket = incus_storage_bucket.test1.name
}

Import existing Storage Bucket and Key

resource "incus_storage_bucket" "bucket2" {
  name = "bucket2"
  pool = "default"
}

import {
  id = "default/default/bucket2" # project/pool/bucket_name
  to = incus_storage_bucket.bucket2
}

resource "incus_storage_bucket_key" "admin" {
  name           = "admin"
  role           = "admin"
  description    = "Admin User"
  pool           = incus_storage_bucket.bucket2.pool
  storage_bucket = incus_storage_bucket.bucket2.name
}

import {
  id = "default/default/bucket2/admin"  # project/pool/bucket_name/key_name
  to = incus_storage_bucket_key.admin
}

Open Questions

I would like to gather feedback and opinions on how to handle the following aspect:

Admin Key Creation

Incus always creates an admin key when a storage bucket is created. I would like to know how to approach this situation:

• Option 1: Ignore the fact that an admin key is always created and the user should use the Terraform import function to make the admin key usable within Terraform.

• Option 2: Expose the admin key on the storage bucket itself as the computed values admin_access_key and admin_secret_key, if the admin key is available.

At the moment I prefer "Option 1" to avoid additional implementation logic in the Terraform provider, as it could be that the admin token was deleted by an operator after the bucket was created. This means that the admin_access_key and admin_secret_key would no longer exist, which could lead to confusion.

Please share your thoughts and preferences regarding this matter.

[maveonair]

@mdavidsen @adamcstephens I would appreciate your feedback 😊

[adamcstephens]

I'm not very experienced with the storage buckets. If the bucket is cluster node targeted, does the key need to be as well?

[adamcstephens]

Is this needed? This should be retrievable through target, and in fact both are set from the same value below.

[maveonair]

I have been following the implementation of the resource_storage volume. If there is no added value by exporting this attribute, that I would suggest we remove it?

[maveonair]

I'm not very experienced with the storage buckets. If the bucket is cluster node targeted, does the key need to be as well?

As I can see, the location information is part of the storage bucket:

$ incus storage bucket show default bucket1
config: {}
description: ""
name: bucket1
s3_url: ""
location: none

but not set for a storage bucket key:

$ incus storage bucket key show default bucket1 admin
description: Admin user
role: admin
access-key: .....
secret-key: .....
name: admin

@stgraber could you please provide some details here?

[stgraber]

The storage bucket key doesn't have a location because it's tied to a specific storage bucket which does have a location.

Storage buckets are location-specific on most storage pool drivers. The exception to that being when they are on a remote storage pool such as ceph.

[mdavidsen]

Looks good to me!