fix: Add permissions to role(s)
An updated set of required permissions was published by F5; this change
adds the permissions that were not present in this module, but does not
prune permissions in the module that are absent from the F5 list - that is
still a task in issue #3.

Closes #75.
memes committed Mar 28, 2024
1 parent c2066fa commit dac8de7
Showing 2 changed files with 17 additions and 2 deletions.
5 changes: 5 additions & 0 deletions main.tf
@@ -99,6 +99,8 @@ locals {
"compute.instances.updateAccessConfig",
"compute.instances.updateNetworkInterface",
"compute.instances.use",
"compute.interconnectAttachments.get",
"compute.machineTypes.get",
"compute.machineTypes.list",
"compute.networkEndpointGroups.attachNetworkEndpoints",
"compute.networks.access",
@@ -110,12 +112,15 @@ locals {
"compute.networks.updatePolicy",
"compute.networks.use",
"compute.networks.useExternalIp",
"compute.projects.get",
"compute.regionBackendServices.create",
"compute.regionBackendServices.delete",
"compute.regionBackendServices.get",
"compute.regionBackendServices.list",
"compute.regionBackendServices.use",
"compute.regionOperations.get",
"compute.regions.get",
"compute.routers.get",
"compute.routes.create",
"compute.routes.delete",
"compute.routes.get",
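Review bot: Nothing in the permission list records which published F5 permission set the entries track, so a later reviewer cannot tell required entries from leftovers. The additions in these two hunks appear to be read-only `get` permissions (for example `compute.interconnectAttachments.get` and `compute.routers.get`), but the commit message states that entries absent from F5's list are still not pruned, so the custom role stays broader than the vendor requirement until issue #3 is done. A comment above the list such as `# Tracks F5's published permission set (<reference and date>); entries not on that list are pending removal, see issue #3` would make that gap auditable. The same applies to the expected lists in test/profiles/f5-xc-role/controls/role.rb, and the `locals` block starts and ends outside these hunks.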
14 changes: 12 additions & 2 deletions test/profiles/f5-xc-role/controls/role.rb
@@ -75,6 +75,8 @@
'compute.instances.updateAccessConfig',
'compute.instances.updateNetworkInterface',
'compute.instances.use',
'compute.interconnectAttachments.get',
'compute.machineTypes.get',
'compute.machineTypes.list',
'compute.networkEndpointGroups.attachNetworkEndpoints',
'compute.networks.access',
@@ -86,12 +88,15 @@
'compute.networks.updatePolicy',
'compute.networks.use',
'compute.networks.useExternalIp',
'compute.projects.get',
'compute.regionBackendServices.create',
'compute.regionBackendServices.delete',
'compute.regionBackendServices.get',
'compute.regionBackendServices.list',
'compute.regionBackendServices.use',
'compute.regionOperations.get',
'compute.regions.get',
'compute.routers.get',
'compute.routes.create',
'compute.routes.delete',
'compute.routes.get',
@@ -109,7 +114,7 @@
'iam.serviceAccounts.get',
'iam.serviceAccounts.list',
'resourcemanager.projects.get'
].freeze
].sort!.freeze

EXPECTED_ORG_PERMISSIONS = [
'compute.addresses.create',
@@ -186,6 +191,8 @@
'compute.instances.updateAccessConfig',
'compute.instances.updateNetworkInterface',
'compute.instances.use',
'compute.interconnectAttachments.get',
'compute.machineTypes.get',
'compute.machineTypes.list',
'compute.networkEndpointGroups.attachNetworkEndpoints',
'compute.networks.access',
@@ -197,12 +204,15 @@
'compute.networks.updatePolicy',
'compute.networks.use',
'compute.networks.useExternalIp',
'compute.projects.get',
'compute.regionBackendServices.create',
'compute.regionBackendServices.delete',
'compute.regionBackendServices.get',
'compute.regionBackendServices.list',
'compute.regionBackendServices.use',
'compute.regionOperations.get',
'compute.regions.get',
'compute.routers.get',
'compute.routes.create',
'compute.routes.delete',
'compute.routes.get',
@@ -221,7 +231,7 @@
'iam.serviceAccounts.list',
'resourcemanager.projects.get',
'resourcemanager.projects.list'
].freeze
].sort!.freeze

control 'project_role' do
title 'Verify F5 Distributed Cloud custom role with project scope'
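Review bot: The change from `].freeze` to `].sort!.freeze` on both expected lists carries no explanation, and the comparison it serves is in the control bodies outside these hunks. If that comparison is order-sensitive, the permissions read back from the role must be sorted the same way, otherwise the control fails on ordering rather than content; a comment above each constant such as `# sorted so the comparison does not depend on the order entries are written here` would record the intent. Both constants also repeat the same new entries by hand alongside main.tf, so the controls can only detect drift from a copy of the role and will pass any over-broad permission present in both places. If the org list is the project list plus extras (the visible tail suggests `'resourcemanager.projects.list'`), deriving one constant from the other would keep the two from diverging.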
