✓ Solved

firewall scope - personalAccessToken

Hi,
I can create a Linode using terraform, but I fail to create (and link) a firewall. It complains about a missing grant, however I have added every scope in read-write.

What do I need to do to get the right scope assigned to create a firewall using terraform?

2 Replies

✓ Best Answer

I'm unsure as to why Cloud Firewalls aren't an option in the Cloud Manager UI for selection while configuring scopes at the moment, but in order to deploy a Cloud Firewall one's token must possess the firewall:read_write and account:read_write scopes.

If creating a token within the Cloud Manager, one can use the "Select All - Read/Write" radio button in the tokens tray to create a token with a scope of *, which will have the required permissions to create firewalls.

That said, later on you'll probably want to limit that access for security reasons. Since you're using terraform, you can use it to generate a token with only the specific required scopes.

For example, this will create a token with limited access and store the token in a file called secrets:

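```hcl
terraform {
  required_providers {
    linode = {
      source = "linode/linode"
    }
  }
}

provider "linode" {
  # Placeholder for an existing API token. Terraform does not expand
  # shell variables inside this string, so substitute the real value.
  token = "$TOKEN"
}

# New token limited to the two scopes needed to deploy a Cloud Firewall.
resource "linode_token" "scope_test" {
  label  = "tf_scopes"
  scopes = "firewall:read_write account:read_write"
  expiry = "2100-01-02T03:04:05Z"
}

# Writes the generated token to a local file named "secrets".
resource "null_resource" "token_value" {
  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    # "<<-" lets the closing EOF marker be indented.
    command     = <<-EOF
      echo -e "value: ${linode_token.scope_test.token}" > secrets
    EOF
  }
}
```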
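A variant of the configuration above, added here as an example and not part of the original answer: it passes the existing token in as a sensitive variable and writes the new token with `local_sensitive_file` at mode 0600 instead of echoing it through a shell. The variable name, resource names, label and expiry date are constructed for illustration.

```hcl
terraform {
  required_providers {
    linode = {
      source = "linode/linode"
    }
    local = {
      source = "hashicorp/local"
    }
  }
}

# Existing token used to authenticate the provider. Supply it through the
# TF_VAR_linode_token environment variable rather than writing it here.
variable "linode_token" {
  type      = string
  sensitive = true
}

provider "linode" {
  token = var.linode_token
}

# Narrow token carrying only the two scopes named in the answer.
resource "linode_token" "firewall_only" {
  label  = "tf_firewall_only"     # constructed label
  scopes = "firewall:read_write account:read_write"
  expiry = "2030-01-01T00:00:00Z" # constructed date; pick a short lifetime
}

# Terraform writes the file itself with owner-only permissions, so the
# token is never interpolated into a shell command line.
resource "local_sensitive_file" "token_value" {
  filename        = "${path.module}/secrets"
  content         = "value: ${linode_token.firewall_only.token}\n"
  file_permission = "0600"
}
```

The generated token is still recorded in the Terraform state, so the state file needs the same protection as the `secrets` file.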

Hi

In summary: selecting all has a different effect as deselect all and use the select all to select them all. Confusing, but it works indeed.

Thanks. It works.
