F5Networks / f5-google-gdm-templates

Google Deployment Templates for quickly deploying BIG-IP services in Google Cloud Platform

Documentation Update: permissions for svc account in autoscale GCP template #35

Closed JeffGiroux closed 3 years ago

JeffGiroux commented 4 years ago

Do you already have an issue opened with F5 support?

no

Description

Please specify the exact permissions needed for the service accounts. For example, the experimental template for autoscale only shows this.

"Important: This solution uses calls to the GCE REST API to read and update GCE resources such as storage accounts, network interfaces, and route tables. For the solution to function correctly, you must ensure that the BIG-IP(s) can connect to the GCE REST API on port 443. This solution uses calls to the GCE REST API to read and update GCE resources, this has specifically been tested in GCE Commercial Cloud."

What are the actual permissions required? Read, list, RW, and so on?

These permissions are based on the calls found within the F5 scripts. Alternatively, you can list in the documentation that admin can be used but suggest that the customer slim down permissions. Preferred though, F5 should list the permissions needed based on the script calls.

Template

https://github.com/F5Networks/f5-google-gdm-templates/tree/master/experimental/autoscale/waf/via-lb/existing-stack/payg

Severity Level

3

shyawnkarim commented 4 years ago

Thanks for reaching out to us with this issue. I have gone ahead and created Jira issue #1749 to get these added.

shyawnkarim commented 3 years ago

Closing.

This issue was resolved with Release 3.11.0.