terraform-provider-bigip

Authorization error when trying to create virtual server using Manager role

Open dhawal55 opened this issue 6 years ago • 2 comments

I'm using a BigIP F5 user with manager role in a single partition to create a bigip_ltm_virtual_server, bigip_ltm_pool and bigip_ltm_pool_attachment resources in that partition.

I get the following error:

Error: Error running plan: 1 error occurred:
	* provider.bigip: Authorization failed: user=https://localhost/mgmt/shared/authz/users/test resource=/mgmt/tm/net/self verb=GET uri:http://localhost:8100/mgmt/tm/net/self referrer:xy.xy.xy.xy sender:xx.xx.xx.xx

What am I missing?

dhawal55, Sep 20 '19 23:09

I figured out the issue. I'm running F5 version v12.1.3.6 and as per documentation I need admin role to access API:

In BIG-IP 11.5.x to 13.0.x, by default, only users with the Administrator role are granted access to the iControl REST API. In BIG-IP 13.1.x and later, any user you create regardless of role is automatically given access to the iControl REST API, but are limited by their role to what objects they can view and edit.

I will try after upgrading to v14.1.x.

dhawal55, Sep 23 '19 16:09

It failed in BigIP v14.1.x too. As per this issue, it looks like a BigIP bug: https://github.com/F5Networks/f5-ansible/issues/1175

One workaround suggested in the above post is to not set any metadata, but I can't find any option to disable metadata in the Terraform provider.

dhawal55, Oct 05 '19 21:10

Hi, closing this request now. Please re-open if required or send an email to [email protected]. Thanks!

KrithikaChidambaram, Feb 21 '23 12:02