Solace Beta Opportunity: Solace Terraform Appliance Provider (Declarative SEMP)

rtomkins Member, Employee Posts: 24 Solace Employee

Now Available!  Solace's Hashicorp Terraform Appliance Provider Public Beta Release 0.9.0 is available from the Terraform Registry!

Now is your opportunity to try out the Beta release of the PubSub+ Appliance Provider alone or in combination with the PubSub+ Software Broker Provider for Service Automation! The appliance provider is the second component of our solution to provide the following benefits:

  1. Enable customers to declaratively manage services up and down their CI/CD pipelines
  2. Simplify provisioning to enable not just middleware but also app teams to declaratively generate, add, change, and delete their resources in a message VPN

Check it out here in the Terraform Registry:

We're looking forward to all your feedback to provide the right Declarative SEMP implementation for the PubSub+ Broker!

Please see the release notes below!

Rob Tomkins

Principal Product Product Manager, Solace

Team Leader - APIs, Broker Features, Mesh Management, and Observability

—————————————————————————————————-————————— DSEMP Terraform Softare Broker Provider Beta 0.9.0 Release Notes ———————————————————————————————————————————

Declarative Solace Element Management Protocol (dSEMP) allows you to use Hashicorp Terraform to generate, plan, apply, and destroy components of broker configurations by synchronizing with infrastructure as code. This feature is being provided for Beta testing of Declarative SEMP for Services (message VPN level in PubSub+ Manager) via the appliance provider with Hashicorp Terraform.

BETA Limitations:
-Not supported in production
-Supported for 1 year or until the general availability of the Solace Appliance Provider for Hashicorp Terraform, whichever is shorter
-Support is provided through account teams and not Solace Support
-Functionally aligned to 10.4.1 broker release.
-Fixes to this feature will be limited to future Beta/EA/GA releases
-Future releases of this functionality may not be backward compatible with configuration files used in this release
-Templates and High-Level Configuration Object Terraform modules used to facilitate application team use of declarative SEMP are not included in this Beta

Known Bugs:

  1. Within the message VPN level Declarative SEMP the following objects/resources are coupled to other objects/resource and subject to limitations*:
    a) ACL Profile - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the ACL Profile
    b) User Profile - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the User Profile
    c) Authorization Group - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the Authorization Group
    d) LDAP Group - may not be destroyed without prior removal of links/coupling from all objects/resources referencing the LDAP Group
    e) RDP Consumer OAuth JWT Claims - can not be managed with declarative SEMP
  2. Sub-attribute Terraform validation is not supported
  3. Using Solace Generate Operation with SEMP Objects with a name prefixed by # are not supported
  4. Solace's Generate Operation may create Terraform Object with the symbols #, ", or a terminating / in rare use cases. These symbols must be removed/replaced to plan or apply the generated code

Additional notes:
-Solace is providing its own Generate operation as the current Hashicorp Terraform generate command is immature and does not provide the same level of functionality. As Terraform's generate functionality aligns with Solace Generate, we may deprecate and remove that functionality.
-The Solace Generate operation provides commented-out configuration lines when the broker configuration includes write-only attributes. At General Availability, we plan to provide a variable for the write-only attribute that aligns with a variable for its parent object.
-This "Declarative SEMP - Service Automation - Terraform - Appliance Provider" capability at Beta and GA provides the ability to create, alter, and remove services, including access control lists, clients (including profiles), queues, access control, and JMS JNDI.
-This feature requires a Terraform directory for the configuration of each broker and does not support cross-broker message VPN replication.
-This feature does not support the new openToFu open-source project.

*This restriction is expected to persist beyond General Availability.


  • Rob de Jong
    Rob de Jong Member Posts: 1
    Hi Rob,

    am i correct when assuming that this is only to be used with the appliance and not applicable to other eventbrokers? We are planning a SAP Advanced Event Mesh landscape and would like to use terraform as well ...

    Rob de Jong
  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 500 admin

    Hey @Rob de Jong - we made a post a while back announcing the release of the Terraform provider for the software broker, which you can also use for your cloud AEM

  • peterh
    peterh Member Posts: 2

    Works great to create vpns, queues, clusters and partly links - channels are not created - wonder if this is supported yet ?

  • TomF
    TomF Member, Employee Posts: 408 Solace Employee

    Hi @peterh,

    Welcome to Solace Community, great to have you here!

    Have a look at the Declarative SEMP documentation. In there you'll see a note:

    "…this feature is initially limited to service configuration, which is defined as the configuration elements required to add, remove, or change consumers and/or producers."

    In essence this means it's only targetted at entities inside a Message-VPN for now - such as queues, client profiles, those kind of things. Creating clusters, links, channels etc are broker level entities so they aren't supported yet.

  • peterh
    peterh Member Posts: 2

    Creating clusters work just fine.

    Links also.

    Channels are bit instable, but seems to help with lexical negotiation..

    again, this is just a wrapper ontop of SEMP… Wonder when next 'beta' is coming out ?

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 2

    Do we have any sample git Lab CICD project to refer? We started using the service but want to automate things for Infrastructure.