RavinderReddyF5 / terraform-provider-bigip-version0.12

Terraform resources that can configure F5 BIGIP products
Mozilla Public License 2.0

Authorization error when trying to create virtual server using Manager role #191

Open RavinderReddyF5 opened 4 years ago

RavinderReddyF5 commented 4 years ago

Issue by dhawal55 Friday Sep 20, 2019 at 23:15 GMT Originally opened as https://github.com/terraform-providers/terraform-provider-bigip/issues/160


I'm using a BigIP F5 user with manager role in a single partition to create bigip_ltm_virtual_server, bigip_ltm_pool and bigip_ltm_pool_attachment resources in that partition.

I get the following error:

Error: Error running plan: 1 error occurred:
    * provider.bigip: Authorization failed: user=https://localhost/mgmt/shared/authz/users/test resource=/mgmt/tm/net/self verb=GET uri:http://localhost:8100/mgmt/tm/net/self referrer:xy.xy.xy.xy sender:xx.xx.xx.xx

What am I missing?

RavinderReddyF5 commented 4 years ago

Comment by dhawal55 Monday Sep 23, 2019 at 16:48 GMT


I figured out the issue. I'm running F5 version v12.1.3.6 and as per documentation I need admin role to access API:

In BIG-IP 11.5.x to 13.0.x, by default, only users with the Administrator role are granted access to the iControl REST API. In BIG-IP 13.1.x and later, any user you create regardless of role is automatically given access to the iControl REST API, but are limited by their role to what objects they can view and edit.

I will try after upgrading to v14.1.x.

RavinderReddyF5 commented 4 years ago

Comment by dhawal55 Saturday Oct 05, 2019 at 21:43 GMT


It failed in BigIP v14.1.x too. As per this issue, it looks like a BigIP bug: https://github.com/F5Networks/f5-ansible/issues/1175

One workaround suggested in the above post is to not set any metadata, but I can't find any option to disable metadata in the Terraform provider.

mhcmind commented 1 year ago

I ran into the same issue when using the F5Networks/bigip provider. The version is BIG-IP 13.1.5.1.

Authentication required!

This server could not verify that you are authorized to access the URL "/mgmt/tm/net/self". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

In case you are allowed to request the document, please check your user-id and password and try again.

Error 401

Wed Jun 14 09:30:31 2023
Any suggestion? The user is administrator and the password does not contain special characters or spaces.

mhcmind commented 1 year ago

It works fine with external token

terraform {
  required_providers {
    bigip = {
      source  = "F5Networks/bigip"
      version = "1.18.0"
    }
  }
}

provider "bigip" {
  address     = var.f5_hostname
  username    = var.f5_username
  token_auth  = "true"
  token_value = var.f5_token
}
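
The two errors quoted in this thread come from different checks: the first names a user, resource and verb that were denied, the second is an HTTP 401 on the same URL. The following triage helper is an added example, not code from the provider or from any commenter; the function name, the sample strings (constructed from the messages above) and the suggested next steps are assumptions made for illustration.

```python
import re

# Constructed samples modelled on the two error texts quoted in this thread.
RBAC_DENIAL = (
    "provider.bigip: Authorization failed: "
    "user=https://localhost/mgmt/shared/authz/users/test "
    "resource=/mgmt/tm/net/self verb=GET "
    "uri:http://localhost:8100/mgmt/tm/net/self "
    "referrer:xy.xy.xy.xy sender:xx.xx.xx.xx"
)
HTTP_401 = (
    "Authentication required! \u2502 This server could not verify that you are "
    'authorized to access \u2502 the URL "/mgmt/tm/net/self". Error 401'
)

# Role/permission denial: the message carries user, resource and verb.
_AUTHZ = re.compile(
    r"Authorization failed: user=(?P<user>\S+) "
    r"resource=(?P<resource>\S+) verb=(?P<verb>[A-Z]+)"
)
# HTTP 401 page: only the URL is reported; tolerate box-drawing margins.
_AUTHN = re.compile(
    r'Authentication required!.*?the\s+URL\s+"(?P<resource>[^"]+)"', re.S
)


def classify_bigip_error(text):
    """Classify a provider error as an authorization or authentication failure."""
    m = _AUTHZ.search(text)
    if m:
        return {
            "kind": "authorization",
            "user": m.group("user").rsplit("/", 1)[-1],  # last path segment
            "resource": m.group("resource"),
            "verb": m.group("verb"),
            # Assumption: the user was identified, so look at role/partition.
            "next_step": "review the account's role for this resource and verb",
        }
    m = _AUTHN.search(text)
    if m:
        return {
            "kind": "authentication",
            "user": None,
            "resource": m.group("resource"),
            "verb": None,
            # The thread reports token_auth with an external token worked.
            "next_step": "check credentials or switch the provider to token_auth",
        }
    return {"kind": "unknown", "user": None, "resource": None, "verb": None,
            "next_step": "inspect the raw provider output"}
```
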