Solace Beta Opportunity: Solace Terraform Appliance Provider (Declarative SEMP)

rtomkins
rtomkins Member, Employee Posts: 26 Solace Employee

Now Available! Solace's HashiCorp Terraform Appliance Provider Public Beta Release 0.9.0 is available from the Terraform Registry!

Now is your opportunity to try out the Beta release of the PubSub+ Appliance Provider alone or in combination with the PubSub+ Software Broker Provider for Service Automation! The appliance provider is the second component of our solution to provide the following benefits:

  1. Enable customers to declaratively manage services up and down their CI/CD pipelines
  2. Simplify provisioning to enable not just middleware but also app teams to declaratively generate, add, change, and delete their resources in a message VPN

Check it out here in the Terraform Registry: https://registry.terraform.io/providers/SolaceProducts/solacebrokerappliance/latest

We're looking forward to all your feedback to provide the right Declarative SEMP implementation for the PubSub+ Broker!

Please see the release notes below!

Rob Tomkins

Principal Product Manager, Solace

Team Leader - APIs, Broker Features, Mesh Management, and Observability

——————————————————————————————————————————— DSEMP Terraform Software Broker Provider Beta 0.9.0 Release Notes ———————————————————————————————————————————

Declarative Solace Element Management Protocol (dSEMP) allows you to use HashiCorp Terraform to generate, plan, apply, and destroy components of broker configurations by synchronizing with infrastructure as code. This feature is being provided for Beta testing of Declarative SEMP for Services (message VPN level in PubSub+ Manager) via the appliance provider with HashiCorp Terraform.

BETA Limitations:
- Not supported in production
- Supported for 1 year or until the general availability of the Solace Appliance Provider for HashiCorp Terraform, whichever is shorter
- Support is provided through account teams and not Solace Support
- Functionally aligned to 10.4.1 broker release
- Fixes to this feature will be limited to future Beta/EA/GA releases
- Future releases of this functionality may not be backward compatible with configuration files used in this release
- Templates and High-Level Configuration Object Terraform modules used to facilitate application team use of declarative SEMP are not included in this Beta

Known Bugs:

  1. Within the message VPN level Declarative SEMP the following objects/resources are coupled to other objects/resources and subject to limitations*:
    a) ACL Profile - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the ACL Profile
    b) User Profile - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the User Profile
    c) Authorization Group - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the Authorization Group
    d) LDAP Group - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the LDAP Group
    e) RDP Consumer OAuth JWT Claims - cannot be managed with declarative SEMP
  2. Sub-attribute Terraform validation is not supported
  3. Using the Solace Generate Operation with SEMP Objects with a name prefixed by # is not supported
  4. Solace's Generate Operation may create Terraform Objects with the symbols #, ", or a terminating / in rare use cases. These symbols must be removed/replaced to plan or apply the generated code

Additional notes:
- Solace is providing its own Generate operation as the current HashiCorp Terraform generate command is immature and does not provide the same level of functionality. As Terraform's generate functionality aligns with Solace Generate, we may deprecate and remove that functionality.
- The Solace Generate operation provides commented-out configuration lines when the broker configuration includes write-only attributes. At General Availability, we plan to provide a variable for the write-only attribute that aligns with a variable for its parent object.
- This "Declarative SEMP - Service Automation - Terraform - Appliance Provider" capability at Beta and GA provides the ability to create, alter, and remove services, including access control lists, clients (including profiles), queues, access control, and JMS JNDI.
- This feature requires a Terraform directory for the configuration of each broker and does not support cross-broker message VPN replication.
- This feature does not support the new OpenTofu open-source project.

*This restriction is expected to persist beyond General Availability.

Comments

  • Rob de Jong
    Rob de Jong Member Posts: 1
    Hi Rob,

    Am I correct when assuming that this is only to be used with the appliance and not applicable to other event brokers? We are planning a SAP Advanced Event Mesh landscape and would like to use Terraform as well ...

    KR,
    Rob de Jong
  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 541 admin

    Hey @Rob de Jong - we made a post a while back announcing the release of the Terraform provider for the software broker, which you can also use for your cloud AEM

  • peterh
    peterh Member Posts: 3

    Works great to create VPNs, queues, clusters and partly links - channels are not created - wonder if this is supported yet?

  • TomF
    TomF Member, Employee Posts: 412 Solace Employee

    Hi @peterh,

    Welcome to Solace Community, great to have you here!

    Have a look at the Declarative SEMP documentation. In there you'll see a note:

    "…this feature is initially limited to service configuration, which is defined as the configuration elements required to add, remove, or change consumers and/or producers."

    In essence this means it's only targeted at entities inside a Message-VPN for now - such as queues, client profiles, those kinds of things. Clusters, links, channels etc. are broker-level entities, so they aren't supported yet.

  • peterh
    peterh Member Posts: 3

    Creating clusters works just fine.

    Links also.

    Channels are a bit unstable, but seems to help with lexical negotiation..

    Again, this is just a wrapper on top of SEMP… Wonder when the next 'beta' is coming out?

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    Do we have any sample GitLab CI/CD project to refer to? We started using the service but want to automate things for Infrastructure.

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 541 admin

    Hey @swapnil_mahajan - what is your use case? I have a couple of samples that use the Terraform provider you can refer to for a starting point and example of how this could be used, however it's not intended for production level setup.

    This repo uses the provider to setup a broker for DT readiness

    https://github.com/spencerhank/solace-terraform-samples

    This repo auto generates terraform configurations based on a Solace Event Portal configuration

    https://github.com/TamimiGitHub/solace-terraform-provisioning

    Feel free to share your projects and ideas on the community as a new post, would love to get a better understanding on how you would use it!

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    Hey @Tamimi thanks for your reply. ☺️

    We have recently introduced SAP AEM (Solace) within our organization and have already begun leveraging event-driven architecture (EDA) in several projects through SAP AEM Event Broker. Currently, event broker service instances are manually provisioned via the Event Manager portal. To streamline and scale our deployment process, we are initiating a proof of concept (POC) to automate the creation of queues, topics, and ACL profiles using GitLab CI/CD. This automation aims to enable seamless deployment across various environments such as DEV, QA, and PROD, eliminating the need for manual intervention and ensuring consistent deployment practices.

    For now I am getting the below error for the Solace registry.

    Initializing provider plugins...
    - Finding latest version of solaceproducts/solacebroker...

    Error: Failed to query available provider packages

    │ Could not retrieve the list of available versions for provider
    │ solaceproducts/solacebroker: could not connect to registry.terraform.io:
    │ failed to request discovery document: Get
    │ "https://registry.terraform.io/.well-known/terraform.json": context
    │ deadline exceeded

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 541 admin

    Thanks for the background details! Interesting you're getting that error.. how are you configuring your provider in the providers.tf file?

    terraform {
      required_providers {
        solacebroker = {
          source = "registry.terraform.io/solaceproducts/solacebroker"
        }
      }
    }
    
    # Configure the provider
    provider "solacebroker" {
      username = var.semp_username
      password = var.semp_password
      url      = var.solace_url
    }
    

    This is how I configure my provider and Terraform finds the solacebroker registry which is found here

    https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭
    edited July 2 #11

    Hey @Tamimi I did not use providers.tf. I placed the below code in main.tf only. I see it's matching your code.

    terraform {
      required_providers {
        solacebroker = {
          source = "registry.terraform.io/solaceproducts/solacebroker"
        }
      }
    }

    provider "solacebroker" {
      username = var.username
      password = var.password
      url      = var.url
    }

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭
    edited July 2 #12

    After placing the provider code in a separate Terraform file, provider.tf, I am still getting the same error as below

    Initializing provider plugins...
    - Finding latest version of solaceproducts/solacebroker...

    Error: Failed to query available provider packages

    │ Could not retrieve the list of available versions for provider
    │ solaceproducts/solacebroker: could not connect to registry.terraform.io:
    │ failed to request discovery document: Get
    │ "https://registry.terraform.io/.well-known/terraform.json": net/http:
    │ request canceled while waiting for connection (Client.Timeout exceeded
    │ while awaiting headers)

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 541 admin

    @swapnil_mahajan hmm - could you try installing another provider? It looks like the error could not connect to registry.terraform. might be issues with your DNS? Check this post https://discuss.hashicorp.com/t/terraform-init-could-not-connect-to-registry-terraform-io/34681/2

    It doesn't seem like it is a problem with the provider, so consider checking your firewall settings; perhaps that might be the issue…

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    Thanks @Tamimi issue is resolved using NO_PROXY.
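
The thread ends with the `terraform init` timeout being resolved through `NO_PROXY`. The following is an added example, not code from the thread or from Solace: a pre-flight check for a CI job that reports whether registry.terraform.io would go direct or through the proxy under a given `NO_PROXY` value. It follows the domain-matching rules of Go's httpproxy package (Terraform is a Go program); IP, CIDR and host:port entries are not evaluated, and the proxy URL is a placeholder.

```shell
#!/bin/sh
# no_proxy_covers HOST NO_PROXY_VALUE
# Exit status 0 when HOST would bypass the proxy, 1 otherwise.
no_proxy_covers() {
  local host list rest entry
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  list=$(printf '%s' "$2" | tr -d ' ' | tr 'A-Z' 'a-z')
  rest="$list,"
  while [ -n "$rest" ]; do
    entry="${rest%%,*}"          # text before the first comma
    rest="${rest#*,}"            # remainder after the first comma
    if [ -z "$entry" ]; then continue; fi
    if [ "$entry" = "*" ]; then return 0; fi             # "*" bypasses every host
    case "$entry" in \*.*) entry="${entry#\*}" ;; esac   # "*.x" is treated as ".x"
    case "$entry" in
      .*) case "$host" in *"$entry") return 0 ;; esac ;;   # subdomains only
      *)  if [ "$host" = "$entry" ]; then return 0; fi     # the name itself
          case "$host" in *".$entry") return 0 ;; esac ;;  # and its subdomains
    esac
  done
  return 1
}

# registry_route HTTPS_PROXY_VALUE NO_PROXY_VALUE
# Prints how a request to the Terraform Registry would be routed.
registry_route() {
  local host="registry.terraform.io"
  if [ -z "$1" ]; then
    echo "direct (no proxy configured)"
  elif no_proxy_covers "$host" "$2"; then
    echo "direct (NO_PROXY match)"
  else
    echo "via proxy $1"
  fi
}

# Constructed sample values; proxy.example.internal is a placeholder.
registry_route "http://proxy.example.internal:3128" "localhost,127.0.0.1"
registry_route "http://proxy.example.internal:3128" "localhost,.terraform.io"
```

A narrow entry such as `registry.terraform.io` keeps the rest of the pipeline's outbound traffic on the proxy, whereas `*` sends everything direct.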