firewall scope - personalAccessToken
Hi,
I can create a Linode using terraform, but I fail to create (and link) a firewall. It complains about a missing grant, however I have added every scope in read-write.
What do I need to do to get the right scope assigned to create a firewall using terraform?
2 Replies
✓ Best Answer
I'm unsure as to why Cloud Firewalls aren't an option in the Cloud Manager UI for selection while configuring scopes at the moment, but in order to deploy a Cloud Firewall one's token must possess the firewall:read_write and account:read_write scopes.
If creating a token within the Cloud Manager, one can use the "Select All - Read/Write" radio button in the tokens tray to create a token with a scope of *, which will have the required permissions to create firewalls.
That said, later on you'll probably want to limit that access for security reasons. Since you're using terraform, you can use it to generate a token with only the specific required scopes.
For example, this will create a token with limited access and store the token in a file called secrets:
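terraform {
  required_providers {
    linode = {
      source = "linode/linode"
    }
  }
}

provider "linode" {
  # Placeholder: substitute an existing API token here.
  # Terraform does not expand shell variables inside strings.
  token = "$TOKEN"
}

# New token limited to the two scopes needed to deploy a Cloud Firewall.
resource "linode_token" "scope_test" {
  label  = "tf_scopes"
  scopes = "firewall:read_write account:read_write"
  expiry = "2100-01-02T03:04:05Z"
}

# Writes the new token's value to ./secrets in plain text.
resource "null_resource" "token_value" {
  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    command     = <<-EOF
      echo -e "value: ${linode_token.scope_test.token}" > secrets
    EOF
  }
}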
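An added example, not part of the original answer and not Linode's own code: a small Python check that compares a token's scope string against the two scopes named above and reports what is missing and what is granted beyond them, such as the `*` scope. It assumes scopes are `category:level` items separated by spaces or commas, that `*` grants everything, and that `read_write` implies `read_only`; the function names are hypothetical.

```python
# Added example: audit a Linode token scope string for least privilege.
# Assumptions (not from the original post): scopes are "category:level"
# items separated by spaces or commas, "*" grants everything, and
# read_write implies read_only.
LEVELS = {"read_only": 1, "read_write": 2}
# Scopes the answer above says are needed to deploy a Cloud Firewall.
REQUIRED = {"firewall": "read_write", "account": "read_write"}


def parse_scopes(scope_string):
    """Return (is_wildcard, {category: highest level granted})."""
    granted = {}
    wildcard = False
    for item in scope_string.replace(",", " ").split():
        if item == "*":
            wildcard = True
            continue
        category, sep, level = item.partition(":")
        if not sep or not category or level not in LEVELS:
            raise ValueError(f"malformed scope: {item!r}")
        # Keep the strongest level if a category is listed twice.
        if LEVELS[level] > LEVELS.get(granted.get(category), 0):
            granted[category] = level
    return wildcard, granted


def audit(scope_string, required=REQUIRED):
    """Compare granted scopes with what the deployment needs."""
    wildcard, granted = parse_scopes(scope_string)
    missing, excess = [], []
    for category, level in sorted(required.items()):
        have = LEVELS.get(granted.get(category), 0)
        if not wildcard and have < LEVELS[level]:
            missing.append(f"{category}:{level}")
    for category, level in sorted(granted.items()):
        need = LEVELS.get(required.get(category), 0)
        if LEVELS[level] > need:
            excess.append(f"{category}:{level}")
    if wildcard:
        excess.insert(0, "*")  # broader than any specific requirement
    return {"missing": missing, "excess": excess}


if __name__ == "__main__":
    # Constructed sample scope strings.
    for s in ("*", "firewall:read_write account:read_write",
              "linodes:read_write,firewall:read_only"):
        print(f"{s!r} -> {audit(s)}")
```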