terraform-provider-bigip icon indicating copy to clipboard operation
terraform-provider-bigip copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

Error Forbidden when creating Irule with admin token value

Open RahmanBadru opened this issue 1 year ago • 1 comments

Environment

  • TMOS/Bigip Version: 17.1.1.3
  • Terraform Version: 1.6.3
  • Terraform bigip provider Version: 1.22.2

Summary

A clear and concise description of what the bug is. Please also include information about the reproducibility and the severity/impact of the issue.

When i try to use token_value with token_auth=true, i can auth to f5, tf plan works, but terraform apply fails with "Error: error creating iRule /Common/sample: Post "https://$BIG-IP MGMT address/mgmt/tm/ltm/rule": Forbidden

Steps To Reproduce

Steps to reproduce the behavior:

  1. Provide terraform resource config which you are facing trouble along with the output of it.
provider "bigip" {
  address  = var.bigip_address
  token_auth = true
  token_value = var.token_value
}

ouput

Plan: 1 to add, 0 to change, 0 to destroy.
module.irule["sample.tcl"].bigip_ltm_irule.irule: Creating...
╷
│ Error: error creating iRule /Common/sample: Post "https://$BIG-IP MGMT address/mgmt/tm/ltm/rule": Forbidden
│ 
│   with module.irule["sample.tcl"].bigip_ltm_irule.irule,
│   on ../../modules/irule/main.tf line 1, in resource "bigip_ltm_irule" "irule":
│    1: resource "bigip_ltm_irule" "irule" {

  1. To get to know more about the issue, provide terraform debug logs

  2. To capture debug logs, export TF_LOG variable with debug ( export TF_LOG= DEBUG ) before runnning terraform apply/plan

  3. As3/DO json along with the resource config( for AS3/DO resource issues )

Expected Behavior

A clear and concise description of what you expected to happen.

The irule is meant to create with terraform apply

Actual Behavior

A clear and concise description of what actually happens. Please include any applicable error output.

We get the error Plan: 1 to add, 0 to change, 0 to destroy. module.irule["sample.tcl"].bigip_ltm_irule.irule: Creating... ╷ │ Error: error creating iRule /Common/sample: Post "https://$BIG-IP MGMT address/mgmt/tm/ltm/rule": Forbidden │ │ with module.irule["sample.tcl"].bigip_ltm_irule.irule, │ on ../../modules/irule/main.tf line 1, in resource "bigip_ltm_irule" "irule": │ 1: resource "bigip_ltm_irule" "irule" {

RahmanBadru avatar Jul 26 '24 15:07 RahmanBadru

Hi,

I tested with the latest Terraform provider an BIG-IP version 17.1 with success.

How are you generating the token?

Can you check by creating a token with the following curl command (linux format)?

curl -k -u admin:mypassword -H "Content-Type: \
application/json" -X POST -d \
'{"username":"admin","password":"mypassword","loginProviderName":"tmos"}' \
https://X.X.X.X/mgmt/shared/authn/login

And test the token with the following curl command?

curl -k -H "X-F5-Auth-Token: \
mytoken" -X GET \
https://X.X.X.X/mgmt/tm/ltm

pgouband avatar Jul 29 '24 09:07 pgouband