Onboard your provider to order and manage services from a public provider using Terraform.
Before you can order services from a public cloud provider using Terraform, you need to onboard that provider. Terraform provider support for major hyperscalers (public cloud providers) including Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, Google Cloud Platform (GCP), and Alibaba is already onboarded and available out of the box. For these providers, you can configure credentials and import templates to servicify them right away.
The way that the providers authenticate varies by provider, and you might have multiple different choices of authentication method within the same provider. Regardless of the method you choose, the application helps you complete this process by storing all the information that you need to authenticate to the provider automatically without the need for coding. In addition, adding providers means that your private keys are stored securely, allowing your clients to order services without having any access to your secrets.
A definitive listing of their providers is available at the Terraform Registry.
To use pricing with Terraform templates, you need to set up rate cards for them. For more information, see Pricing for Terraform templates.
If you have a protected network such as a private cloud, you will need to download and install an extension that provides a dedicated channel through your firewall for Terraform communication. For more information, see Secure Network Extension for Terraform for protected networks.
The landing page includes a number of premade provider accounts that are ready to use. To use them, just activate them.
On the
Add Provider Details
tab, enter the following information by copying it from the provider window that you opened in the Terraform Registry as part of step 1 and click
Next
:
Provider Name:
Enter the name of the provider.
Description (optional):
Either copy the description from the provider window or create your own description.
Source Code Repository URL (optional):
On the Terraform Registry page for the provider, click
Overview
, right-click the
vendor/repository
link under
SOURCE CODE
in the provider window, select
Copy Link
, and paste the link into this field.
Upload terraform Provider Configuration:
On the Terraform Registry page for the provider, click
Use Provider
, copy the code revealed, and paste it into this field. The system will make sure that the code is valid. Click
Upload
to import the source, version, and other information into the application.
Upload Image (optional):
Right click the image in the provider window, select
Save Image As
, and save the file. Then click
Upload Image
, locate the saved file, and upload it.
On the
Add Provider Definitions
tab, add any connection parameters that you want other administrators to have to fill in when they add asset accounts that use this provider. These fields should be used for any company-specific metadata that you want to be associated with the asset account such as region, account purpose, and so on. This entire section is optional. Provide the following information for each parameter. Click
Add connection parameter
to add each parameter. You can click
Delete
to remove already created parameters. When you have created all your parameters, click
Next
.
Display Label:
Enter the label that will be displayed for the parameter field.
Default Text:
Enter the text that will be displayed by default in the parameter field.
Required:
Indicate whether the field must be filled in before the account can be created.
Use
Preview
to check the look and feel of the selections.
On the
Configure Authentication Method
tab, select the authentication method you want to use to connect to the provider with by clicking the
Add
icon for that method. Your choice here depends on the method used by the provider. For more information about the credentials needed for the provider you selected, click the link in the explanatory text. You have these choices, although some of these might not be available for the provider you selected. When you are finished, click
Next
.
Provider Block:
Prompts your administrators to provide all of the information that is required by the provider for authentication and combines it into an appropriately formatted provider block in the Terraform configuration file that is forwarded by the Terraform Engine to the provider for authentication. To create the fields that your administrators will need to enter to log in to the provider, complete these steps:
Locate the provider block in the provider’s documentation, paste it into the
Upload Terraform Provider Black
field, and click
Upload
.
The credential parameters that are needed by the provider block are generated automatically by the system. Select the type of input needed for each parameter (
Text
or
File path reference
). Check how these parameters will look while creating the provider account by clicking
Preview
.
Text
is a simple text input.
File path reference
prompts your administrators to enter the contents of the file. The system will then automatically create a file with those contents and provide it by reference to your system. You will need to provide the following information for each parameter or accept the defaults. Any parameter that you do not select will be included in the generated provider block that you will use in your Terraform templates that can be used during servicification to create the content packages. The configuration parameters that are not selected, and therefore not presented to your administrators, will need to be specified in your Terraform templates for this provider. Use the generated provider block in the
Preview
section in your template to provide these parameters.
Configuration label:
Enter the label that will be displayed for the parameter field.
Default Text:
Enter the text that will be displayed by default in the parameter field.
Required:
Indicate whether the field must be filled in before the credentials can be submitted.
More than 256 characters:
(Text only) Determine whether the input can for Text type can be more than 256 characters. The visual difference is that the text box will be larger. The maximum length is 600 characters.
Configuration Profile:
Prompts your administrators to provide all of the credentials that are required by the provider for authentication. The system then creates a file in the appropriate format and provides the path to that file to the system. To create the fields that your administrators must fill out, create each credential by providing the following information:
TF_VAR_config_profile environment variable name:
The configuration profile attribute that was created on the application, so that the file content present inside it would have the PROFILE information that can be used to authenticate with provider-specific APIs or SDK.
Default Text:
Enter the text that will be displayed by default in the parameter field.
Required:
Indicate whether the field must be filled in before the credentials can be submitted.
Environment Variables:
In this method, you prompt your administrators to provide the environment variables that are needed for authentication. To create the fields that your administrators must fill out, create each variable by providing the following information:
Name of the environment variable:
Enter the exact name of the environment variable as set down in the provider documentation. This name will be used for the parameter field.
Default Text:
Enter the text that will be displayed by default in the parameter field.
Required:
Indicate whether the field must be filled in before the credentials can be submitted.
More than 256 characters:
(Text only) Determine whether the input can for Text type can be more than 256 characters. The visual difference is that the text box will be larger. The maximum length is 300 characters.
Use
Preview
to check the look and feel of the selections.
The
Review
tab provides a preview of the information that you entered and all of the fields that you created. You have the option to activate the provider now, or you can save it and activate it later. If everything looks good, click
Save
and then
Proceed
to add your provider. Otherwise go back and correct the problems.
If a provider is created in the Terraform Provider Management UI, the testConnection feature for that provider by default is turned off. As a result, credentials will not be validated when creating an asset account. In this case, ensure that the credentials are entered correctly.
If you did not activate the provider immediately, you can do so in the
Available Terraform Providers
window by clicking
Activate
on the provider, and then clicking
Proceed
on the verification window.
If the provider is not activated, you cannot create a provider account, import content packages, or order those packages using that provider.
Creating asset account
After you have created added the provider, you need to add one or more asset accounts for that provider. The asset accounts allow users to access the provider. You can create multiple asset accounts with different levels of privilige so you can assign users those different levels.
Optionally, provide a more detailed explanation of the account.
Subscription ID:
Enter the ID of the provider.
Offer ID:
Enter the ID of the provider offer, if applicable.
Tenant ID
: Enter the ID of your tenant.
Status:
Set whether the account is active.
Add the credentials needed to access the provider account by clicking
Add Credential
, entering the following parameters, and clicking
Add
:
Name:
Enter a name for the credential.
Purpose:
Select from the following purposes:
Asset Ingestion
Provisioning
Asset Discovery
Description:
Optionally, provide a more detailed explanation of the credential.
Status:
Set whether the account is active.
Setting up proxy container
After adding the provider and setting up any asset accounts, a proxy container must be set up to allow communication between the provider and your Enterprise Marketplace tenant. To do so, complete these steps:
field, select the provider that you added and click
Continue
to download the installer bundle file. Save it in a convenient location.
Run the container with the Proxy command (
docker ps
) and verify whether the container is up and running.
While setting up the proxy, specify the version of Terraform that you are using if it is not the default (1.5.7). The only alternative version that can be used is 1.0.9, which you can indicate using this block.
terraform {
required_version = "1.0.9"
}
Importing Terraform templates
Import the Terraform templates for the newly created provider using the following steps. This process can only be performed by the Catalog Admin role.
page, click the provider account that you want to import for. If multiple accounts are present, select one of them using the drop-down menu and click
OK
.
A window is displayed telling you that the discovery process has started and that you will receive an email when it is complete. Click
OK
. All catalogs are imported in the Draft status.
Preferred practice
When importing Terraform templates of providers that are not HashiCorp registered, the Terraform template should include the Terraform block. Otherwise the import will fail because the Terraform init fails because it cannot find the provider-specific binaries.