search

f5devcentral / ansible-role-f5_atc_deploy_declaration

Ansible role used to deploy declaratives to F5 Automated Tool Chain services: AS3, DO, and TS
Apache License 2.0
7 stars 11 forks source link

Authentication not working for BIG-IQ Application owner user #31

Closed rjouhann closed 2 years ago

rjouhann commented 4 years ago

The authentication.yaml does not work for BIG-IQ Application owner users as those users don't have access to the /mgmt/shared/echo API (only Admin user does).

Here is what the user get if it uses atc_deploy to create an AS3 app service using an "app owner" user (which only have access to AS3 declare endpoint on the BIG-IQ).

GET /mgmt/shared/echo

{
    "code": 403,
    "message": "not authorized for: echoworkerstate",
    "referer": "172.18.7.57",
    "restOperationId": 41697972,
    "errorStack": [],
    "kind": ":resterrorresponse"
}

/info/system should be use to verify authentication on BIG-IQ.

rjouhann commented 2 years ago

Hello,

F5 has been working on a new module to deploy AS3 declaration via BIG-IQ. I would recommend you to use that module instead.

https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/modules_2_0/bigiq_as3_deploy_module.html#bigiq-as3-deploy-module-2

Thanks & Regards, Roman