Add error and its check for collision with JS API

[AlbericC]

• Link to issue, e.g. Resolves #NNN
• Documentation added (if applicable)
• Tests added
• Branch rebased on top of current main (git pull --rebase origin main)
• Changes squashed to a single commit (described here)
• Build is green in Travis CI
• You have certified that the contribution is your original work and that you license the work to the project under the Apache 2 license

Resolves #3531

Changes proposed in this pull request:

• check for collision with JS API when account creates a stream
• New error for this case

/cc @nats-io/core

[ripienaar]

This will help of course - we planned to add this before but with cross accounts, domains etc it’s a mine field. And of course many other subjects are problematic also.

We should for sure also stop just “>” for example also

[ripienaar]

I guess this should stop > also though as it would over lap

[AlbericC]

that was my first thought also, but with (possibly) exported JetStream services, I wanted to target the JS API more specifically.

Although '>' sure poses a problem every time, I can imagine a (twisted) use-case where one would want to use a stream to keep an history of $JS.EVENT.ADVISORY.> for instance.

[ripienaar]

Yeah so we definitely shouldn’t stop advisories from being ingested that’s a good point.

And to be pedantic you CAN ingest > you just need to turn off ack on the stream.

[ripienaar]

I do seem to recall some users having a stream on the API subject without acks for audit purposes.

[AlbericC]

Pretty good point I'll take that into account and correct my code accordingly

[AlbericC]

for the record a test exists to ensure events, etc are OK

nats-server/server/jetstream_test.go

Line 1085 in cb086bc

// Events and Advisories etc should be ok.

[AlbericC]

I guess this should stop > also though as it would over lap

yes, it does. Included a test case for it to make that explicit

[AlbericC]

I made this pull request kind of quick, do not hesitate to reject it if you want me to do it again in a cleaner way (branched, rebased, squashed).

[kozlovic]

Since I would consider this a breaking change (since possibly existing streams would fail to be recovered, etc..) should this go only on the next 2.10.0 release? I have created the dev branch today that will hold the changes in main (the patches) and all PRs that are targeted for the next release. If we all agree that this is possibly breaking and should go in 2.10.0, could you alter your PR to be against the dev branch instead of main?

[bruth]

An undertone of this PR is the need to extend the authorization model transparently for JetStream primitives. That said, there may be an incremental improvement here as an opt-in (non-breaking) account limit that could guard against creating streams that bind to the JS API.

[wallyqs]

Addressed via #5548