Cloud Services

Enterprise Marketplace

Provider integration using Terraform
Published On Oct 08, 2024 - 8:47 AM

Provider integration using Terraform

Onboard your provider to order and manage services from a public provider using Terraform.
Before you can order services from a public cloud provider using Terraform, you need to onboard that provider. Terraform provider support for major hyperscalers (public cloud providers) including Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, Google Cloud Platform (GCP), and Alibaba is already onboarded and available out of the box. For these providers, you can configure credentials and import templates to servicify them right away.
The way that the providers authenticate varies by provider, and you might have multiple different choices of authentication method within the same provider. Regardless of the method you choose, the application helps you complete this process by storing all the information that you need to authenticate to the provider automatically without the need for coding. In addition, adding providers means that your private keys are stored securely, allowing your clients to order services without having any access to your secrets.
A definitive listing of their providers is available at the Terraform Registry.
To use pricing with Terraform templates, you need to set up rate cards for them. For more information, see Pricing for Terraform templates.
If you have a protected network such as a private cloud, you will need to download and install an extension that provides a dedicated channel through your firewall for Terraform communication. For more information, see Secure Network Extension for Terraform for protected networks.

Adding a provider

To add a provider, complete these steps:
  1. In the Terraform Registry (https://registry.terraform.io/browse/providers), open the provider that you want to utilize and click the
    Documentation
     tab in the upper right corner. Keep this window open because you will be copying information from this window to paste into the application.
  2. Select which technique you want to use for authentication to the provider, if there is more than one option.
  3. Select the type of connection that you want to use, if applicable.
  4. Navigate to the
    Terraform Provider Management
     page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  5. In the
    Terraform Provider Management
     section, click
    Add Provider
     in the upper right.
    The landing page includes a number of premade provider accounts that are ready to use. To use them, just activate them.
  6. On the
    Add Provider Details
     tab, enter the following information by copying it from the provider window that you opened in the Terraform Registry as part of step 1 and click
    Next
    :
    • Provider Name:
       Enter the name of the provider.
    • Description (optional):
       Either copy the description from the provider window or create your own description.
    • Source Code Repository URL (optional):
       On the Terraform Registry page for the provider, click
      Overview
      , right-click the
      vendor/repository
       link under
      SOURCE CODE
       in the provider window, select
      Copy Link
      , and paste the link into this field.
    • Upload terraform Provider Configuration:
       On the Terraform Registry page for the provider, click
      Use Provider
      , copy the code revealed, and paste it into this field. The system will make sure that the code is valid. Click
      Upload
       to import the source, version, and other information into the application.
    • Upload Image (optional):
       Right click the image in the provider window, select
      Save Image As
      , and save the file. Then click
      Upload Image
      , locate the saved file, and upload it.
  7. On the
    Add Provider Definitions
     tab, add any connection parameters that you want other administrators to have to fill in when they add asset accounts that use this provider. These fields should be used for any company-specific metadata that you want to be associated with the asset account such as region, account purpose, and so on. This entire section is optional. Provide the following information for each parameter. Click
    Add connection parameter
     to add each parameter. You can click
    Delete
     to remove already created parameters. When you have created all your parameters, click
    Next
    .
    • Display Label:
       Enter the label that will be displayed for the parameter field.
    • Default Text:
       Enter the text that will be displayed by default in the parameter field.
    • Required:
       Indicate whether the field must be filled in before the account can be created.
      Use
      Preview
       to check the look and feel of the selections.
  8. On the
    Configure Authentication Method
     tab, select the authentication method you want to use to connect to the provider with by clicking the
    Add
     icon for that method. Your choice here depends on the method used by the provider. For more information about the credentials needed for the provider you selected, click the link in the explanatory text. You have these choices, although some of these might not be available for the provider you selected. When you are finished, click
    Next
    .
    • Provider Block:
       Prompts your administrators to provide all of the information that is required by the provider for authentication and combines it into an appropriately formatted provider block in the Terraform configuration file that is forwarded by the Terraform Engine to the provider for authentication. To create the fields that your administrators will need to enter to log in to the provider, complete these steps:
      1. Locate the provider block in the provider’s documentation, paste it into the
        Upload Terraform Provider Black
         field, and click
        Upload
        .
      2. The credential parameters that are needed by the provider block are generated automatically by the system. Select the type of input needed for each parameter (
        Text
         or
        File path reference
        ). Check how these parameters will look while creating the provider account by clicking
        Preview
        .
        Text
         is a simple text input.
        File path reference
         prompts your administrators to enter the contents of the file. The system will then automatically create a file with those contents and provide it by reference to your system. You will need to provide the following information for each parameter or accept the defaults. Any parameter that you do not select will be included in the generated provider block that you will use in your Terraform templates that can be used during servicification to create the content packages. The configuration parameters that are not selected, and therefore not presented to your administrators, will need to be specified in your Terraform templates for this provider. Use the generated provider block in the
        Preview
         section in your template to provide these parameters.
        • Configuration label:
           Enter the label that will be displayed for the parameter field.
        • Default Text:
           Enter the text that will be displayed by default in the parameter field.
        • Required:
           Indicate whether the field must be filled in before the credentials can be submitted.
        • More than 256 characters:
           (Text only) Determine whether the input can for Text type can be more than 256 characters. The visual difference is that the text box will be larger. The maximum length is 600 characters.
    • Configuration Profile:
       Prompts your administrators to provide all of the credentials that are required by the provider for authentication. The system then creates a file in the appropriate format and provides the path to that file to the system. To create the fields that your administrators must fill out, create each credential by providing the following information:
      • TF_VAR_config_profile environment variable name:
         The configuration profile attribute that was created on the application, so that the file content  present inside it would have the PROFILE information that can be used to authenticate with provider-specific APIs or SDK.
      • Default Text:
         Enter the text that will be displayed by default in the parameter field.
      • Required:
         Indicate whether the field must be filled in before the credentials can be submitted.
    • Environment Variables:
       In this method, you prompt your administrators to provide the environment variables that are needed for authentication. To create the fields that your administrators must fill out, create each variable by providing the following information:
      • Name of the environment variable:
         Enter the exact name of the environment variable as set down in the provider documentation. This name will be used for the parameter field.
      • Default Text:
         Enter the text that will be displayed by default in the parameter field.
      • Required:
         Indicate whether the field must be filled in before the credentials can be submitted.
      • More than 256 characters:
         (Text only) Determine whether the input can for Text type can be more than 256 characters. The visual difference is that the text box will be larger. The maximum length is 300 characters.
      Use
      Preview
       to check the look and feel of the selections.
  9. The
    Review
     tab provides a preview of the information that you entered and all of the fields that you created. You have the option to activate the provider now, or you can save it and activate it later. If everything looks good, click
    Save
     and then
    Proceed
     to add your provider. Otherwise go back and correct the problems.
If a provider is created in the Terraform Provider Management UI, the testConnection feature for that provider by default is turned off. As a result, credentials will not be validated when creating an asset account. In this case, ensure that the credentials are entered correctly.
If you did not activate the provider immediately, you can do so in the
Available Terraform Providers
 window by clicking
Activate
 on the provider, and then clicking
Proceed
 on the verification window.
If the provider is not activated, you cannot create a provider account, import content packages, or order those packages using that provider.

Create asset account

After you have created added the provider, you need to add one or more asset accounts for that provider. The asset accounts allow users to access the provider. You can create multiple asset accounts with different levels of privilige so you can assign users those different levels.
To create an asset account, complete these steps:
  1. Navigate to the
    Provider Account
     page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. Click the
    Asset Account
     tab.
  3. Click the
    Actions
     icon for the new provider and select
    Add Details
    .
  4. Enter the following information for the account:
    • Name:
       Provide a descriptive name for the account.
    • Description:
       Optionally, provide a more detailed explanation of the account.
    • Subscription ID:
       Enter the ID of the provider.
    • Offer ID:
       Enter the ID of the provider offer, if applicable.
    • Tenant ID
      : Enter the ID of your tenant.
    • Status:
       Set whether the account is active.
  5. Add the credentials needed to access the provider account by clicking
    Add Credential
    , entering the following parameters, and clicking
    Add
    :
    • Name:
       Enter a name for the credential.
    • Purpose:
       Select from the following purposes:
      • Asset Ingestion
      • Provisioning
      • Asset Discovery
    • Description:
       Optionally, provide a more detailed explanation of the credential.
    • Status:
       Set whether the account is active.

Set up proxy container

After adding the provider and setting up any asset accounts, a proxy container must be set up to allow communication between the provider and your Enterprise Marketplace tenant. To do so, complete these steps:
  1. Navigate to the
    Terraform Provider Management
     page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. Click
    Download Installer
    .
  3. In the
    Provider Name
     field, select the provider that you added and click
    Continue
     to download the installer bundle file. Save it in a convenient location.
  4. Run the container with the Proxy command (
    docker ps
    ) and verify whether the container is up and running.
While setting up the proxy, specify the version of Terraform that you are using if it is not the default (1.5.7). The only alternative version that can be used is 1.0.9, which you can indicate using this block. 
terraform {
required_version = "1.0.9"
}

Import Terraform templates

Import the Terraform templates for the newly created provider using the following steps. This process can only be performed by the Catalog Admin role.
  1. Navigate to the
    Catalog Management
     page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. On the
    Catalog Management
     page, click
    Add Services
    .
  3. In the
    Choose an option to import service
    window, select
    Import through Provider Account
     and click
    OK
    .
  4. On the
    Catalog Discovery
     page, click the provider account that you want to import for. If multiple accounts are present, select one of them using the drop-down menu and click
    OK
    .
  5. A window is displayed telling you that the discovery process has started and that you will receive an email when it is complete. Click
    OK
    . All catalogs are imported in the Draft status.

Preferred practice

When importing Terraform templates of providers that are not HashiCorp registered, the Terraform template should include the Terraform block. Otherwise the import will fail because the Terraform init fails because it cannot find the provider-specific binaries.
Do you have two minutes for a quick survey?
Take Survey