Setting up the GCP Cloud function
To run the pentest instance on the GCP cloud, you must configure the cloud function on your GCP account. Prancer wants this cloud function to create and manage the Kubernetes cluster on the GCP account. Here are the steps to configure the cloud function:
1. Create Service Account JSON
We must create the service account JSON with proper permissions to create and manage resources on the cloud. This service account JSON will be attached to the cloud function. These are our recommendations for the Service Account permission to use in PAC:
Cloud Functions Service Agent: Gives Cloud Functions service account access to managed resources.
Kubernetes Engine Developer: Full access to Kubernetes API objects inside Kubernetes Clusters.
Service Account User: Run operations as the service account.
IAM Workload Identity Pool Viewer: Read access to workload identity pools.
Secret Manager Viewer: Allows viewing metadata of all secret manager resources
2. Create cloud function
Open the page to create a new cloud function and complete the details.
- Environment: 2nd gen
- Function name: Enter the function name of your choice.
- Region: Set the region where you want to configure the cloud function.
- Trigger type: Select
HTTPas the trigger type.
- Authentication: Select the
Require authenticationoption to secure your cloud function from unauthorized users.
- Open the Runtime settings, view the
Runtime service accountoption, and select the service account JSON you created in the previous step.
Click on the
Next button after filling out all the details.
3. Enter the code
In the next step, you have to configure the code of the cloud function.
Go 1.18as a
- Here is the reposiotry containing the code you must put in
- Create the appropriate files and put the code inside the files by referring to the repository.
- Once you complete the entering of code, click on the
Deploybutton to deploy the cloud function.
Share the cloud function URL with the Prancer Support Team after deploying the cloud function.