Setting up the GCP Cloud function

To run the pentest instance on the GCP cloud, you must configure the cloud function on your GCP account. Prancer wants this cloud function to create and manage the Kubernetes cluster on the GCP account. Here are the steps to configure the cloud function:

1. Create Service Account JSON

We must create the service account JSON with proper permissions to create and manage resources on the cloud. This service account JSON will be attached to the cloud function. These are our recommendations for the Service Account permission to use in PAC:

  • Cloud Build Service Account: Can perform builds

  • Cloud Functions Service Agent: Gives Cloud Functions service account access to managed resources.

  • Kubernetes Engine Admin: Full management of Kubernetes Clusters and their Kubernetes API objects.

  • Service Account User: Run operations as the service account.

  • IAM Workload Identity Pool Viewer: Read access to workload identity pools.

  • Secret Manager Viewer: Allows viewing metadata of all secret manager resources

2. Create a Cloud Function

  1. Open the Cloud Function Creation Page and fill in the required details.

Basics

  • Environment: Select 2nd gen.
  • Function Name: Provide a name of your choice for the function.
  • Region: Choose the region where the cloud function will be deployed.

Trigger

  • Trigger Type: Choose HTTPS as the trigger type.
  • Authentication: Set it to Require authentication to secure your cloud function from unauthorized access.

Runtime Settings

  • Under Runtime Settings, locate the Runtime service account field and select the service account JSON created in the previous step.
  • Set Default Network Name (Optional):
    Configure the network for cluster creation by setting the DEFAULT_NETWORK variable in the Runtime environment variables. If not specified, the default network (default) will be used.

Build Settings

  • Navigate to the Build tab, select the Custom service account option, and choose the service account JSON file from the earlier step.

After completing all sections, click Next.

3. Configure the Code

  1. Select Go 1.18 as the Runtime environment.
  2. Refer to the repository for the code.
  3. Use the Inline Editor to create the necessary files and copy the code from the repository. If uploading a ZIP file, ensure that go.mod and all *.go files are at the root level of the archive.
  4. Update the EntryPoint with the RunPAC value.
  5. Once all files are set up, click the Deploy button to deploy the cloud function.

Final Step

Share the deployed cloud function URL with the Prancer Support Team for further integration.