Setting up the GCP Cloud function
To run the pentest instance on the GCP cloud, you must configure the cloud function on your GCP account. Prancer uses this cloud function to create and manage the Kubernetes cluster on the GCP account. Here are the steps to configure the cloud function:
1. Create Service Account JSON
We must create the service account JSON with proper permissions to create and manage resources on the cloud. This service account JSON will be attached to the cloud function. These are our recommendations for the Service Account permissions to use in PAC:
- Cloud Build Service Account: Can perform builds.
- Cloud Functions Service Agent: Gives Cloud Functions service account access to managed resources.
- Kubernetes Engine Admin: Full management of Kubernetes Clusters and their Kubernetes API objects.
- Service Account User: Run operations as the service account.
- IAM Workload Identity Pool Viewer: Read access to workload identity pools.
- Secret Manager Viewer: Allows viewing metadata of all secret manager resources.
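To confirm that the service account holds the six recommended roles and nothing broader, the following added example (not part of Prancer's documentation or code) audits a project IAM policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`. The role IDs are mapped here from the display names above, and the service account e-mail and sample policy are constructed for illustration.

```python
# IAM role IDs for the six roles recommended above (role ID -> console name).
# The mapping is an assumption of this example; confirm the IDs in your console.
RECOMMENDED = {
    "roles/cloudbuild.builds.builder": "Cloud Build Service Account",
    "roles/cloudfunctions.serviceAgent": "Cloud Functions Service Agent",
    "roles/container.admin": "Kubernetes Engine Admin",
    "roles/iam.serviceAccountUser": "Service Account User",
    "roles/iam.workloadIdentityPoolViewer": "IAM Workload Identity Pool Viewer",
    "roles/secretmanager.viewer": "Secret Manager Viewer",
}

def audit_service_account(policy, sa_email):
    """Compare the project-level roles bound to sa_email with RECOMMENDED."""
    member = f"serviceAccount:{sa_email}"
    granted = {
        b["role"]
        for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }
    return {
        "missing": sorted(set(RECOMMENDED) - granted),  # recommended, not bound
        "extra": sorted(granted - set(RECOMMENDED)),    # bound, not recommended
    }

# Constructed sample in the shape of the exported policy JSON (hypothetical names).
SA = "pac-function@example-project.iam.gserviceaccount.com"
OTHER = "user:admin@example.com"
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/cloudbuild.builds.builder", "members": [f"serviceAccount:{SA}"]},
        {"role": "roles/cloudfunctions.serviceAgent", "members": [f"serviceAccount:{SA}"]},
        {"role": "roles/container.admin", "members": [OTHER, f"serviceAccount:{SA}"]},
        {"role": "roles/iam.serviceAccountUser", "members": [f"serviceAccount:{SA}"]},
        {"role": "roles/secretmanager.viewer", "members": [OTHER]},  # not the SA
        {"role": "roles/editor", "members": [f"serviceAccount:{SA}"]},  # too broad
    ]
}

if __name__ == "__main__":
    report = audit_service_account(SAMPLE_POLICY, SA)
    for role in report["missing"]:
        print(f"MISSING {role} ({RECOMMENDED[role]})")
    for role in report["extra"]:
        print(f"EXTRA   {role}")
```

The check covers project-level bindings only; roles granted at the folder or organization level, or on individual resources, do not appear in this export.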
2. Create cloud function
Open the page to create a new cloud function and complete the details.
Basics
- Environment: 2nd gen
- Function name: Enter the function name of your choice.
- Region: Set the region where you want to configure the cloud function.
Trigger
- Trigger type: Select HTTP as the trigger type.
- Authentication: Select the Require authentication option to secure your cloud function from unauthorized users.
Runtime Settings
- Open the Runtime settings, view the Runtime service account option, and select the service account JSON you created in the previous step.
Build Settings
- Go to the Build tab, select the Custom service account option, and pick the service account JSON file you created previously.
Click on the Next button after filling out all the details.
3. Enter the code
In the next step, you have to configure the code of the cloud function.
- Select Go 1.18 as the Runtime environment.
- Here is the repository containing the code you must put in the Inline Editor.
- Create the appropriate files and put the code inside the files by referring to the repository.
- Once you have finished entering the code, click on the Deploy button to deploy the cloud function.
Share the cloud function URL with the Prancer Support Team after deploying the cloud function.