Closed haarchri closed 3 weeks ago
Some pointers for reference:
We took an initial look at this:
UpdateBroker
operation in the Amazon MQ REST API does not allow updating the broker users (please search for the definition of UpdateBrokerInput
object in the given link). So while one can provision broker users (with some constraints on RabbitMQ) using the CreateBroker
operation, it's not possible to update them via the UpdateBroker
operation. Broker.mq
MR.UpdateUser
operation on the User
resource that allows updating ActiveMQ users. Currently, a corresponding Terraform resource is missing in the Terraform AWS provider.DescribeBroker
output (please see the LogsSummary
schema). However, the Terraform AWS provider does not extract that information from the SDK response and the Terraform resource schema does not have a corresponding attribute.@ulucinar in the community provider-aws we have a ActiveMQ User Resource - so we could implement the resource her too without tf ?
Hi @haarchri, We are on it. @mergenci has started investigating how to implement the broker user resource.
@haarchri, I was able to create, update, and delete ActiveMQ (not RabbitMQ) users, in the current provider version, using MQ Broker resource's embedded user
field. RabbitMQ users cannot be managed neither using Terraform nor using AWS APIs.
I'm sharing the detailed steps below, to avoid any confusion. Does this address your needs?
Note that the reconciler enters an update loop upon applying any user updates, because updates won't take effect until next scheduled maintenance period or manual reboot of the broker.
apiVersion: mq.aws.upbound.io/v1beta1
kind: Broker
metadata:
annotations:
meta.upbound.io/example-id: mq/v1beta1/broker
labels:
testing.upbound.io/example-name: test-issue-1264-activemq-broker
name: test-issue-1264-activemq-broker
spec:
forProvider:
# Due to an existing Terrajet limitation, we cannot use "metadata.name" for "brokerName"
# Details can be found in https://github.com/crossplane/terrajet/issues/280
brokerName: test-issue-1264-activemq-broker
region: us-west-1
securityGroupRefs:
- name: test-issue-1264-mq-securitygroup
engineType: ActiveMQ
engineVersion: 5.17.6
hostInstanceType: mq.t3.micro
user:
- passwordSecretRef:
key: password
name: test-issue-1264-mq-secret
namespace: upbound-system
username: admin
---
apiVersion: v1
kind: Secret
metadata:
annotations:
meta.upbound.io/example-id: mq/v1beta1/broker
uptest.upbound.io/pre-delete-hook: testhooks/delete-broker.sh
labels:
testing.upbound.io/example-name: test-issue-1264-mq-secret
name: test-issue-1264-mq-secret
namespace: upbound-system
type: Opaque
stringData:
password: "Upboundtest!"
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroup
metadata:
annotations:
meta.upbound.io/example-id: ec2/v1beta1/securitygroup
labels:
testing.upbound.io/example-name: test-issue-1264-mq-securitygroup
name: test-issue-1264-mq-securitygroup
spec:
forProvider:
region: us-west-1
description: Allow TLS inbound traffic
name: allow_tls
tags:
Name: allow_tls
spec.forProvider.user
:- consoleAccess: true
passwordSecretRef:
key: password
name: test-issue-1264-mq-secret
namespace: upbound-system
username: testuser
consoleAccess: false
for the previously created user.
What problem are you facing?
We want to use ActiveMQ in the official provider (mq.aws.upbound.io/v1beta1). We noticed that the official provider does not have a User API. The inline user configuration will not help because of the following comment
MQ does not return broker users preventing this resource from making user updates and drift detection.
https://marketplace.upbound.io/providers/upbound/provider-aws-mq/v1.3.1/resources/mq.aws.upbound.io/Broker/v1beta1#doc:spec-forProvider-userAnd the Broker is missing a status that returns the log group names.
Both of these features are integrated in the community providers and it would help us a lot if we could have similar features with the official provider. Is it possible to integrate these features into the official providers?
How could Official AWS Provider help solve your problem?