f5devcentral / terraform-aws-bigip-module

This repo has been archived and moved to https://github.com/F5Networks/terraform-aws-bigip-module, which is the supported module.

f5_username does not work for API calls #17

Closed codygreen closed 3 years ago

codygreen commented 3 years ago

The terraform output contains an f5_username but this user does not work when making API calls:

export bigip_address=`terraform output -json | jq ".mgmtPublicIP.value[0][0]" -r`
export bigip_port=`terraform output -json | jq ".mgmtPort.value[0]" -r`
export user=`terraform output -json | jq ".f5_username.value[0]" -r`
export password=`terraform output -json | jq ".bigip_password.value[0]" -r`

curl -k https://$bigip_address:$bigip_port/mgmt/shared/appsvcs/ -u $user:$password
{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/bigipuser resource=/mgmt/shared/appsvcs verb=GET uri:http://localhost:8100/mgmt/shared/appsvcs/ referrer:35.185.246.178 sender:35.185.246.178","referer":"35.185.246.178","restOperationId":6614138,"kind":":resterrorresponse"}

I've verified that the environment variables are set correctly and I've also issued the curl command without environment variables to ensure that did not change the results.

If I switch the user to admin the API call is successful:

curl -k https://$bigip_address:$bigip_port/mgmt/shared/appsvcs/info -u $user:$password
{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/bigipuser resource=/mgmt/shared/appsvcs/info verb=GET uri:http://localhost:8100/mgmt/shared/appsvcs/info referrer:35.185.246.178 sender:35.185.246.178","referer":"35.185.246.178","restOperationId":6614210,"kind":":resterrorresponse"}

nmenant commented 3 years ago

Cody,

I haven't been able to reproduce this issue: I deployed the 3nic examples and then tried to access our API:

curl -k https://$bigip_address:$bigip_port/mgmt/shared/appsvcs/info -u $user:$password
{"version":"3.23.0","release":"5","schemaCurrent":"3.23.0","schemaMinimum":"3.0.0"}

Can we try to sync offline on this?

codygreen commented 3 years ago

I deployed a new instance and still see this error.

echo $user
bigipuser
curl -k https://$bigip_address:$bigip_port/mgmt/shared/appsvcs/info -u $user:$password
{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/bigipuser resource=/mgmt/shared/appsvcs/info verb=GET uri:http://localhost:8100/mgmt/shared/appsvcs/info referrer:34.83.41.1 sender:34.83.41.1","referer":"34.83.41.1","restOperationId":6564357,"kind":":resterrorresponse"}
terraform output -json
{
  "bigip_password": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        "string"
      ]
    ],
    "value": [
      "removed"
    ]
  },
  "f5_username": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        "string"
      ]
    ],
    "value": [
      "bigipuser"
    ]
  },
  "mgmtPort": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        "string"
      ]
    ],
    "value": [
      "443"
    ]
  },
  "mgmtPublicDNS": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        [
          "tuple",
          [
            "string"
          ]
        ]
      ]
    ],
    "value": [
      [
        "ec2-44-236-55-236.us-west-2.compute.amazonaws.com"
      ]
    ]
  },
  "mgmtPublicIP": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        [
          "tuple",
          [
            "string"
          ]
        ]
      ]
    ],
    "value": [
      [
        "44.236.55.236"
      ]
    ]
  },
  "mgmtPublicURL": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        "string"
      ]
    ],
    "value": [
      "https://ec2-44-236-55-236.us-west-2.compute.amazonaws.com:443"
    ]
  },
  "private_addresses": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        [
          "tuple",
          [
            [
              "set",
              "string"
            ],
            [
              "set",
              "string"
            ]
          ]
        ]
      ]
    ],
    "value": [
      [
        [
          "10.0.2.242",
          "10.0.2.46"
        ],
        [
          "10.0.3.41"
        ]
      ]
    ]
  },
  "public_addresses": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        [
          "tuple",
          [
            "string"
          ]
        ]
      ]
    ],
    "value": [
      [
        "44.236.107.22"
      ]
    ]
  },
  "vpc_id": {
    "sensitive": false,
    "type": "string",
    "value": "vpc-05dfe6d6992805e42"
  }
}

I do see the bigipuser when I run:

admin@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# list auth user 
auth user admin {
    description "Admin User"
    encrypted-password removed
    partition Common
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user bigipuser {
    description bigipuser
    encrypted-password removed
    partition Common
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell none
}

papineni87 commented 3 years ago

Tracking through INFRAANO-216

papineni87 commented 3 years ago

Not able to repro the issue, will reopen the issue when we have repro on it.
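
A triage helper for the situation reported in this thread, added here as an example (it is not code from the thread or from the module): it reads the `terraform output -json` shape posted above, unwraps the nested tuple values, and parses the 401 body to confirm which account the BIG-IP actually evaluated. The function names are hypothetical, the Terraform sample is constructed with a placeholder password, and matching output names on "password" is an assumed heuristic.

```python
import json
import re

# Constructed sample: same shape as the `terraform output -json` in the thread,
# trimmed to the outputs the curl call needs; the password is a placeholder.
TF_OUTPUT = json.dumps({
    "bigip_password": {"sensitive": False, "value": ["PLACEHOLDER"]},
    "f5_username": {"sensitive": False, "value": ["bigipuser"]},
    "mgmtPort": {"sensitive": False, "value": ["443"]},
    "mgmtPublicIP": {"sensitive": False, "value": [["44.236.55.236"]]},
})

# 401 body as posted in the thread.
ERROR_BODY = '{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/bigipuser resource=/mgmt/shared/appsvcs/info verb=GET uri:http://localhost:8100/mgmt/shared/appsvcs/info referrer:34.83.41.1 sender:34.83.41.1","referer":"34.83.41.1","restOperationId":6564357,"kind":":resterrorresponse"}'

def first_scalar(value):
    """Descend through nested lists (tuple outputs) to the first scalar."""
    while isinstance(value, list):
        if not value:
            raise ValueError("empty output list")
        value = value[0]
    return value

def connection_settings(tf_json):
    """Return (host/port/user dict, password-like outputs not marked sensitive)."""
    out = json.loads(tf_json)
    settings = {
        "host": first_scalar(out["mgmtPublicIP"]["value"]),
        "port": int(first_scalar(out["mgmtPort"]["value"])),
        "user": first_scalar(out["f5_username"]["value"]),
    }
    # Assumed heuristic: an output whose name contains "password" is a secret.
    exposed = sorted(k for k, v in out.items()
                     if "password" in k.lower() and not v.get("sensitive"))
    return settings, exposed

def parse_rest_error(body):
    """Split the REST error message into its user/resource/verb fields."""
    doc = json.loads(body)
    fields = dict(re.findall(r"(user|resource|verb)=(\S+)", doc.get("message", "")))
    fields["code"] = doc.get("code")
    # The user field is a URI; keep only the account name for comparison.
    fields["account"] = fields.get("user", "").rsplit("/", 1)[-1]
    return fields

def evaluated_expected_account(tf_json, body):
    """True when the account named in the error is the one Terraform reported."""
    settings, _ = connection_settings(tf_json)
    return parse_rest_error(body)["account"] == settings["user"]
```

With the values from the thread, the account in the error matches `f5_username`, so the request was evaluated as `bigipuser` and not as some other account; the helper also reports that `bigip_password` is emitted with `"sensitive": false`.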