Feature Request: Add a resource for bootstrapping Nomad ACL

[guifran001]

Using the BootstrapOpts() method of the client API, a resource could be created to bootstrap Nomad ACL and retrieve the Secret ID.

It would be simpler and nicer than calling the CLI and retrieve the stdout when setting up a Nomad Cluster.

Would it be a good idea ?

My use case is that I'm using a custom Pulumi provider to deploy nomad as a Windows Service on bare metal and I would like to be able to bootstrap the ACL as well.

This resource would not do anything on Update or on Delete; I would let the bootstrap reset manual. For my use case, the resource would belong to the same stack than the one installing Nomad.

resource "nomad_acl_bootstrap_token" "bootstrap" {
  name            = "bootstrap"
  bootstrap_token = ""
}

output "nomad_token" {
  value = nomad_acl_bootstrap_token.bootstrap.secret_id
}

If one is passing a bootstrap token on creation and change it, it would be only ignored.

Does anyone think of any major flaw with this feature ? (I could open a pr if no one sees a big flaw to manage that as a resource)

[lgfa29]

Hi @guifran001 👋

This could be very handy. @lhaig started working on something like this but didn't have time to finish. If you feel like picking up the work the branch is f-bootstrap-token.

Our main concern would be having the root token stored in state, but keep state safe is already mandatory for using Terraform, so I think we just need to document this properly 🙂

[xsvil]

This would be very useful. Is it planned to be merged soon?