-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
resource/aws_mq_broker: Add RabbitMQ engine type #16108
Conversation
@DrFaust92 I was wondering if you might have a few minutes to help me with an issue related to AWS api: It looks like for RabbitMQ engine type, AWS is not planning on sending the users list in the DescribeBroker API call. The issue that I am getting is that if the users list does not come back - terraform will assume it needs to add them again, because the mq broker state has that user list empty:
This only happens with RabbitMQ, It does return on the user list if the engine type is ApacheMQ. How should I proceed? |
@gdavison can you help? |
Ok I figured it out using |
Also tested the whole module:
|
962536d
to
7123990
Compare
@ewbankkit Is this waiting for a bot approval? |
@yardensachs Just a question. Should'nt
|
@jonten The configuration block/resource does not apply to RabbitMQ as far as I'm aware. |
a2fd673
to
2cf1327
Compare
Ok, good 👍 |
I tried to use your branch to provision and came across 2 issues:
+ logs {
+ audit = false
+ general = true
} which is correct but it errors on the audit log even though you explicitly set aws_mq_broker.tf-rmq-broker: Creating...
Error: BadRequestException: Audit logging is not supported for RabbitMQ brokers.
{
RespMetadata: {
StatusCode: 400,
RequestID: "4a17e8b5-8c0f-4ecd-a881-b058a610f959"
},
ErrorAttribute: "logs.audit",
Message_: "Audit logging is not supported for RabbitMQ brokers."
}
aws_mq_broker.tf-rmq-broker: Creating...
Error: BadRequestException: Broker with [publiclyAccessible] set to true does not support specifying [securityGroups]
{
RespMetadata: {
StatusCode: 400,
RequestID: "97343aef-5455-4f2a-94b3-1e49b28e40b8"
},
ErrorAttribute: "securityGroups",
Message_: "Broker with [publiclyAccessible] set to true does not support specifying [securityGroups]"
} and if you remove the security_groups argument: Error: Missing required argument
on main.tf line 6, in resource "aws_mq_broker" "tf-rmq-broker":
6: resource "aws_mq_broker" "tf-rmq-broker" {
The argument "security_groups" is required, but no definition was found. or if you try setting it to empty: aws_mq_broker.tf-rmq-broker: Creating...
Error: BadRequestException: Empty list of security groups is invalid.
{
RespMetadata: {
StatusCode: 400,
RequestID: "a8e6c4fb-05cb-4e06-8bc6-2e6d0243e373"
},
ErrorAttribute: "securityGroups",
Message_: "Empty list of security groups is invalid."
} Other than that it works great! |
I found that for at least the security_groups issue, the aws-sdk-go that is being called by the hashicorp/aws Terraform module is enforcing that the SecurityGroups is NOT optional. This is most likely intentional for ActiveMQ but breaks in the case of Rabbit? I could be wrong..., bottom line is that there is a conflict between the enforcement on the SDK/API side vs. the Terraform provider side. Bummer... See: https://github.com/aws/aws-sdk-go/blob/master/service/mq/api.go#L2789 |
hi there! thank you very much for the efforts on this! is there an ETA on when this will be merged/released? Eager to try it out! :) |
I don't know when this will be merged. I see people commented on this. I did this work a long time ago when I had the time to do it. I can't imagine the amount of work the maintainers have, and the speed at which AWS is now releasing changes - I am sure its crazy. |
* `logs` - (Optional) Logging configuration of the broker. See below. | ||
* `user` - (Required) The list of all ActiveMQ usernames for the specified broker. See below. | ||
* `logs` - (Optional) Logging configuration of the broker. See below. (Applies to `ActiveMQ` only) | ||
* `user` - (Required) The list of all broker usernames for the specified broker. See below. RabbitMQ users can only be specified in the creation of the resource. Updates to users can only be in the RabbitMQ UI. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be helpful to add that RabbitMQ comes with the management plugin enabled, so it's also possible to the API to created/update/delete users (and more, /api/definitions
endpoint is super handy for that).
We're using the cloud formation workaround at the moment, and also have a Lambda in place (triggered by Terraform) to set up a couple of exchanges and users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unrelated but you can use the rabbit provider to create exchanges and users :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yes, assuming that where the place where you run terraform apply
has direct access to the RMQ server.
Any chance to merge it this year? 😄 |
Any merge estimate? |
@yardensachs Thank you for your work on this PR! There are many limitations currently with using RabbitMQ in AWS. However, if we can provide the capability with the limitations and carefully document the limits, people can decide for themselves. It doesn't seem like a reason to hold up this PR. I cannot guarantee how soon I'll get to this. However, to facilitate the process, here are the limitations I see in the documentation:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! 🎉
Acceptance tests in commercial (us-west-2
) (Amazon MQ is not supported in GovCloud):
--- PASS: TestAccAWSMqBroker_rabbitmq (540.89s)
--- PASS: TestAccAWSMqBroker_EncryptionOptions_KmsKeyId (1127.84s)
--- PASS: TestAccAWSMqBroker_disappears (1130.68s)
--- PASS: TestAccAWSMqBroker_updateTags (1160.50s)
--- PASS: TestAccAWSMqBroker_EncryptionOptions_UseAwsOwnedKey_Enabled (1161.53s)
--- PASS: TestAccAWSMqBroker_EncryptionOptions_UseAwsOwnedKey_Disabled (1163.69s)
--- PASS: TestAccAWSMqBroker_basic (1188.40s)
--- PASS: TestAccAWSMqBroker_updateSecurityGroup (1454.75s)
--- PASS: TestAccAWSMqBroker_updateUsers (1506.68s)
--- PASS: TestAccAWSMqBroker_allFieldsDefaultVpc (1717.77s)
--- PASS: TestAccAWSMqBroker_allFieldsCustomVpc (1755.67s)
This PR also adds enumeration validations per #14601 |
This has been released in version 3.32.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Closes #16030
Closes #16027
Closes #16047
Relates #11459, #16261, #12758, #16751
Release note for CHANGELOG:
Output from acceptance testing: