Create a Blindfolded F5 Distributed Cloud GCP Cloud Credential

This example demonstrates how to use the module with the Google, Volterra and f5xc providers to create an F5 Distributed Cloud custom IAM role in a project, assign it to a new service account, and embed the blindfolded service account credentials into an XC Cloud Credential.

NOTE: The f5xc provider is not an F5 product and is not subject to any F5 support. It is a community provider built from published API spec and does not come with any warranty or guarantee of fitness for purpose. Use at your own risk.

NOTE 2: The f5xc provider requires that vesctl is installed and accessible through PATH.

NOTE 3: This example will embed the blindfolded service account JSON key in XC, but the key will remain stored in plaintext in Terraform state.

For production use you should split this action into two phases and use Blindfold to encrypt the JSON credentials offline. See https://docs.cloud.f5.com/docs/services/app-stack/secrets-management for more information.
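A check for the exposure described in NOTE 3, as an added example that is not part of this module or the original page: it scans Terraform state for `google_service_account_key` resources whose key can be recovered without decryption. The function name and the sample state are constructed for illustration, and the code assumes state format version 4 and the google provider's documented behaviour of storing `private_key` as base64-encoded JSON.

```python
import base64
import json

# Constructed service account key body; the PEM content is a placeholder, not a real key.
_FAKE_KEY = {
    "type": "service_account",
    "project_id": "my-project-id",
    "client_email": "f5-xc@my-project-id.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END PRIVATE KEY-----\n",
}

# Constructed Terraform state (format version 4) resembling what this example leaves behind.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "google_service_account", "name": "sa",
         "instances": [{"attributes": {"email": _FAKE_KEY["client_email"]}}]},
        {"mode": "managed", "type": "google_service_account_key", "name": "sa",
         "instances": [{"attributes": {
             "private_key": base64.b64encode(json.dumps(_FAKE_KEY).encode()).decode()}}]},
    ],
})


def find_plaintext_sa_keys(state_text):
    """Return (address, client_email) for each recoverable service account key in state."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "google_service_account_key":
            continue
        address = ".".join(filter(None, [res.get("module"), res["type"], res["name"]]))
        for inst in res.get("instances", []):
            encoded = (inst.get("attributes") or {}).get("private_key")
            if not encoded:
                continue
            try:
                key = json.loads(base64.b64decode(encoded))
            except ValueError:
                continue  # not a base64-encoded JSON key; nothing recoverable to report
            if isinstance(key, dict) and "BEGIN PRIVATE KEY" in key.get("private_key", ""):
                # Report identity only; never print the key material itself.
                findings.append((address, key.get("client_email", "unknown")))
    return findings


if __name__ == "__main__":
    for address, email in find_plaintext_sa_keys(SAMPLE_STATE):
        print(f"{address}: key for {email} is recoverable from state")
```

A non-empty result means anyone with read access to the state file or its backend can use the service account, regardless of the Blindfold encryption applied on the XC side.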

Example tfvars file

  • Create the custom role with a randomly generated identifier prefixed with f5_xc_ in project my-project-id
  • Create a service account named f5-xc@my-project-id.iam.gserviceaccount.com and attach the custom role
  • Create an F5 XC Cloud Credential named f5-xc in your tenant that holds the service account credentials

project_id = "my-project-id"
name       = "f5-xc"

Prerequisites

  • Google Cloud project
  • Appropriate IAM roles in the project
    • Create and manage IAM roles
    • Create and manage service accounts
  • Appropriate roles to create Cloud Credential in an F5 XC tenant
  • vesctl installed and accessible through PATH

Resources created

  • Custom F5 Distributed Cloud IAM role created in the project
  • Service account with binding to custom IAM role and JSON authentication key
  • Blindfolded F5 XC Cloud Credential for GCP

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| f5xc | >= 0.1 |
| google | >= 4.58 |
| volterra | >= 0.11 |

Modules

| Name | Source | Version |
|------|--------|---------|
| role | memes/f5-distributed-cloud-role/google | 1.0.9 |

Resources

| Name | Type |
|------|------|
| f5xc_blindfold.sa | resource |
| google_project_iam_member.sa | resource |
| google_service_account.sa | resource |
| google_service_account_key.sa | resource |
| volterra_cloud_credentials.xc | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | The name to assign to the created service account and Cloud Credential resources. | string | n/a | yes |
| project_id | The identifier of the Google Cloud project that will contain the custom role. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| cloud_credential | The unique name of the GCP Cloud Credential in your F5 XC tenant. |
| qualified_role_id | The qualified role-id for the custom F5 Distributed Cloud role. |