@pulumi/openstack 4.2.0-alpha.1727221614 → 5.0.0

package/loadbalancer/listener.d.ts

@@ -7,6 +7,8 @@ import * as pulumi from "@pulumi/pulumi";
  *
  * ## Example Usage
  *
+ * ### Simple listener
+ *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
  * import * as openstack from "@pulumi/openstack";
@@ -21,6 +23,47 @@ import * as pulumi from "@pulumi/pulumi";
  * });
  * ```
  *
+ * ### Listener with TLS and client certificate authentication
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as openstack from "@pulumi/openstack";
+ * import * as std from "@pulumi/std";
+ *
+ * const certificate1 = new openstack.keymanager.SecretV1("certificate_1", {
+ *     name: "certificate",
+ *     payload: std.filebase64({
+ *         input: "snakeoil.p12",
+ *     }).then(invoke => invoke.result),
+ *     payloadContentEncoding: "base64",
+ *     payloadContentType: "application/octet-stream",
+ * });
+ * const caCertificate1 = new openstack.keymanager.SecretV1("ca_certificate_1", {
+ *     name: "certificate",
+ *     payload: std.file({
+ *         input: "CA.pem",
+ *     }).then(invoke => invoke.result),
+ *     secretType: "certificate",
+ *     payloadContentType: "text/plain",
+ * });
+ * const subnet1 = openstack.networking.getSubnet({
+ *     name: "my-subnet",
+ * });
+ * const lb1 = new openstack.LbLoadbalancerV2("lb_1", {
+ *     name: "loadbalancer",
+ *     vipSubnetId: subnet1.then(subnet1 => subnet1.id),
+ * });
+ * const listener1 = new openstack.loadbalancer.Listener("listener_1", {
+ *     name: "https",
+ *     protocol: "TERMINATED_HTTPS",
+ *     protocolPort: 443,
+ *     loadbalancerId: lb1.id,
+ *     defaultTlsContainerRef: certificate1,
+ *     clientAuthentication: "OPTIONAL",
+ *     clientCaTlsContainerRef: caCertificate2.secretRef,
+ * });
+ * ```
+ *
  * ## Import
  *
  * Load Balancer Listener can be imported using the Listener ID, e.g.:
@@ -46,18 +89,46 @@ export declare class Listener extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is Listener;
     /**
-     * The administrative state of the Listener.
-     * A valid value is true (UP) or false (DOWN).
+     * The administrative state of the Listener. A
+     * valid value is true (UP) or false (DOWN).
      */
     readonly adminStateUp: pulumi.Output<boolean | undefined>;
     /**
-     * A list of CIDR blocks that are permitted to connect to this listener, denying
-     * all other source addresses. If not present, defaults to allow all.
+     * A list of CIDR blocks that are permitted to
+     * connect to this listener, denying all other source addresses. If not present,
+     * defaults to allow all.
      */
     readonly allowedCidrs: pulumi.Output<string[] | undefined>;
     /**
-     * The maximum number of connections allowed
-     * for the Listener.
+     * A list of ALPN protocols. Available protocols:
+     * `http/1.0`, `http/1.1`, `h2`. Supported only in **Octavia minor version >=
+     * 2.20**.
+     */
+    readonly alpnProtocols: pulumi.Output<string[]>;
+    /**
+     * The TLS client authentication mode.
+     * Available options: `NONE`, `OPTIONAL` or `MANDATORY`. Requires
+     * `TERMINATED_HTTPS` listener protocol and the `clientCaTlsContainerRef`.
+     * Supported only in **Octavia minor version >= 2.8**.
+     */
+    readonly clientAuthentication: pulumi.Output<string | undefined>;
+    /**
+     * The ref of the key manager service
+     * secret containing a PEM format client CA certificate bundle for
+     * `TERMINATED_HTTPS` listeners. Required if `clientAuthentication` is
+     * `OPTIONAL` or `MANDATORY`. Supported only in **Octavia minor version >=
+     * 2.8**.
+     */
+    readonly clientCaTlsContainerRef: pulumi.Output<string | undefined>;
+    /**
+     * The URI of the key manager service
+     * secret containing a PEM format CA revocation list file for `TERMINATED_HTTPS`
+     * listeners. Supported only in **Octavia minor version >= 2.8**.
+     */
+    readonly clientCrlContainerRef: pulumi.Output<string | undefined>;
+    /**
+     * The maximum number of connections allowed for
+     * the Listener.
      */
     readonly connectionLimit: pulumi.Output<number>;
     /**
@@ -67,9 +138,9 @@ export declare class Listener extends pulumi.CustomResource {
     readonly defaultPoolId: pulumi.Output<string>;
     /**
      * A reference to a Barbican Secrets
-     * container which stores TLS information. This is required if the protocol
-     * is `TERMINATED_HTTPS`. See
-     * [here](https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer)
+     * container which stores TLS information. This is required if the protocol is
+     * `TERMINATED_HTTPS`. See
+     * [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
      * for more information.
      */
     readonly defaultTlsContainerRef: pulumi.Output<string | undefined>;
@@ -78,9 +149,34 @@ export declare class Listener extends pulumi.CustomResource {
      */
     readonly description: pulumi.Output<string | undefined>;
     /**
-     * The list of key value pairs representing headers to insert
-     * into the request before it is sent to the backend members. Changing this updates the headers of the
-     * existing listener.
+     * Defines whether the
+     * **includeSubDomains** directive should be added to the
+     * Strict-Transport-Security HTTP response header. This requires setting the
+     * `hstsMaxAge` option as well in order to become effective. Requires
+     * `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
+     * version >= 2.27**.
+     */
+    readonly hstsIncludeSubdomains: pulumi.Output<boolean | undefined>;
+    /**
+     * The value of the **max_age** directive for the
+     * Strict-Transport-Security HTTP response header. Setting this enables HTTP
+     * Strict Transport Security (HSTS) for the TLS-terminated listener. Requires
+     * `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
+     * version >= 2.27**.
+     */
+    readonly hstsMaxAge: pulumi.Output<number | undefined>;
+    /**
+     * Defines whether the **preload** directive should
+     * be added to the Strict-Transport-Security HTTP response header. This requires
+     * setting the `hstsMaxAge` option as well in order to become effective.
+     * Requires `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia
+     * minor version >= 2.27**.
+     */
+    readonly hstsPreload: pulumi.Output<boolean | undefined>;
+    /**
+     * The list of key value pairs representing
+     * headers to insert into the request before it is sent to the backend members.
+     * Changing this updates the headers of the existing listener.
      */
     readonly insertHeaders: pulumi.Output<{
         [key: string]: string;
@@ -91,33 +187,32 @@ export declare class Listener extends pulumi.CustomResource {
      */
     readonly loadbalancerId: pulumi.Output<string>;
     /**
-     * Human-readable name for the Listener. Does not have
-     * to be unique.
+     * Human-readable name for the Listener. Does not have to be
+     * unique.
      */
     readonly name: pulumi.Output<string>;
     /**
-     * The protocol - can either be TCP, HTTP, HTTPS,
-     * TERMINATED_HTTPS, UDP, SCTP (supported only in
-     * **Octavia minor version >= 2.23**) or PROMETHEUS (supported only in
-     * **Octavia minor version >=2.25**). Changing this creates a new Listener.
+     * The protocol can be either `TCP`, `HTTP`, `HTTPS`,
+     * `TERMINATED_HTTPS`, `UDP`, `SCTP` (supported only in **Octavia minor version
+     * \>= 2.23**), or `PROMETHEUS` (supported only in **Octavia minor version >=
+     * 2.25**). Changing this creates a new Listener.
      */
     readonly protocol: pulumi.Output<string>;
     /**
      * The port on which to listen for client traffic.
-     * Changing this creates a new Listener.
+     * * Changing this creates a new Listener.
      */
     readonly protocolPort: pulumi.Output<number>;
     /**
      * The region in which to obtain the V2 Networking client.
-     * A Networking client is needed to create an . If omitted, the
-     * `region` argument of the provider is used. Changing this creates a new
-     * Listener.
+     * A Networking client is needed to create a listener. If omitted, the `region`
+     * argument of the provider is used. Changing this creates a new Listener.
      */
     readonly region: pulumi.Output<string>;
     /**
      * A list of references to Barbican Secrets
      * containers which store SNI information. See
-     * [here](https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer)
+     * [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
      * for more information.
      */
     readonly sniContainerRefs: pulumi.Output<string[] | undefined>;
@@ -128,27 +223,43 @@ export declare class Listener extends pulumi.CustomResource {
     readonly tags: pulumi.Output<string[] | undefined>;
     /**
      * Required for admins. The UUID of the tenant who owns
-     * the Listener.  Only administrative users can specify a tenant UUID
-     * other than their own. Changing this creates a new Listener.
+     * the Listener.  Only administrative users can specify a tenant UUID other than
+     * their own. Changing this creates a new Listener.
      */
     readonly tenantId: pulumi.Output<string>;
     /**
-     * The client inactivity timeout in milliseconds.
+     * The client inactivity timeout in
+     * milliseconds.
      */
     readonly timeoutClientData: pulumi.Output<number>;
     /**
-     * The member connection timeout in milliseconds.
+     * The member connection timeout in
+     * milliseconds.
      */
     readonly timeoutMemberConnect: pulumi.Output<number>;
     /**
-     * The member inactivity timeout in milliseconds.
+     * The member inactivity timeout in
+     * milliseconds.
      */
     readonly timeoutMemberData: pulumi.Output<number>;
     /**
-     * The time in milliseconds, to wait for additional
-     * TCP packets for content inspection.
+     * The time in milliseconds, to wait for
+     * additional TCP packets for content inspection.
      */
     readonly timeoutTcpInspect: pulumi.Output<number>;
+    /**
+     * List of ciphers in OpenSSL format
+     * (colon-separated). See
+     * https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for more information.
+     * Supported only in **Octavia minor version >= 2.15**.
+     */
+    readonly tlsCiphers: pulumi.Output<string>;
+    /**
+     * A list of TLS protocol versions. Available
+     * versions: `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. Supported only in
+     * **Octavia minor version >= 2.17**.
+     */
+    readonly tlsVersions: pulumi.Output<string[]>;
     /**
      * Create a Listener resource with the given unique name, arguments, and options.
      *
@@ -163,18 +274,46 @@ export declare class Listener extends pulumi.CustomResource {
  */
 export interface ListenerState {
     /**
-     * The administrative state of the Listener.
-     * A valid value is true (UP) or false (DOWN).
+     * The administrative state of the Listener. A
+     * valid value is true (UP) or false (DOWN).
      */
     adminStateUp?: pulumi.Input<boolean>;
     /**
-     * A list of CIDR blocks that are permitted to connect to this listener, denying
-     * all other source addresses. If not present, defaults to allow all.
+     * A list of CIDR blocks that are permitted to
+     * connect to this listener, denying all other source addresses. If not present,
+     * defaults to allow all.
      */
     allowedCidrs?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The maximum number of connections allowed
-     * for the Listener.
+     * A list of ALPN protocols. Available protocols:
+     * `http/1.0`, `http/1.1`, `h2`. Supported only in **Octavia minor version >=
+     * 2.20**.
+     */
+    alpnProtocols?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * The TLS client authentication mode.
+     * Available options: `NONE`, `OPTIONAL` or `MANDATORY`. Requires
+     * `TERMINATED_HTTPS` listener protocol and the `clientCaTlsContainerRef`.
+     * Supported only in **Octavia minor version >= 2.8**.
+     */
+    clientAuthentication?: pulumi.Input<string>;
+    /**
+     * The ref of the key manager service
+     * secret containing a PEM format client CA certificate bundle for
+     * `TERMINATED_HTTPS` listeners. Required if `clientAuthentication` is
+     * `OPTIONAL` or `MANDATORY`. Supported only in **Octavia minor version >=
+     * 2.8**.
+     */
+    clientCaTlsContainerRef?: pulumi.Input<string>;
+    /**
+     * The URI of the key manager service
+     * secret containing a PEM format CA revocation list file for `TERMINATED_HTTPS`
+     * listeners. Supported only in **Octavia minor version >= 2.8**.
+     */
+    clientCrlContainerRef?: pulumi.Input<string>;
+    /**
+     * The maximum number of connections allowed for
+     * the Listener.
      */
     connectionLimit?: pulumi.Input<number>;
     /**
@@ -184,9 +323,9 @@ export interface ListenerState {
     defaultPoolId?: pulumi.Input<string>;
     /**
      * A reference to a Barbican Secrets
-     * container which stores TLS information. This is required if the protocol
-     * is `TERMINATED_HTTPS`. See
-     * [here](https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer)
+     * container which stores TLS information. This is required if the protocol is
+     * `TERMINATED_HTTPS`. See
+     * [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
      * for more information.
      */
     defaultTlsContainerRef?: pulumi.Input<string>;
@@ -195,9 +334,34 @@ export interface ListenerState {
      */
     description?: pulumi.Input<string>;
     /**
-     * The list of key value pairs representing headers to insert
-     * into the request before it is sent to the backend members. Changing this updates the headers of the
-     * existing listener.
+     * Defines whether the
+     * **includeSubDomains** directive should be added to the
+     * Strict-Transport-Security HTTP response header. This requires setting the
+     * `hstsMaxAge` option as well in order to become effective. Requires
+     * `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
+     * version >= 2.27**.
+     */
+    hstsIncludeSubdomains?: pulumi.Input<boolean>;
+    /**
+     * The value of the **max_age** directive for the
+     * Strict-Transport-Security HTTP response header. Setting this enables HTTP
+     * Strict Transport Security (HSTS) for the TLS-terminated listener. Requires
+     * `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
+     * version >= 2.27**.
+     */
+    hstsMaxAge?: pulumi.Input<number>;
+    /**
+     * Defines whether the **preload** directive should
+     * be added to the Strict-Transport-Security HTTP response header. This requires
+     * setting the `hstsMaxAge` option as well in order to become effective.
+     * Requires `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia
+     * minor version >= 2.27**.
+     */
+    hstsPreload?: pulumi.Input<boolean>;
+    /**
+     * The list of key value pairs representing
+     * headers to insert into the request before it is sent to the backend members.
+     * Changing this updates the headers of the existing listener.
      */
     insertHeaders?: pulumi.Input<{
         [key: string]: pulumi.Input<string>;
@@ -208,33 +372,32 @@ export interface ListenerState {
      */
     loadbalancerId?: pulumi.Input<string>;
     /**
-     * Human-readable name for the Listener. Does not have
-     * to be unique.
+     * Human-readable name for the Listener. Does not have to be
+     * unique.
      */
     name?: pulumi.Input<string>;
     /**
-     * The protocol - can either be TCP, HTTP, HTTPS,
-     * TERMINATED_HTTPS, UDP, SCTP (supported only in
-     * **Octavia minor version >= 2.23**) or PROMETHEUS (supported only in
-     * **Octavia minor version >=2.25**). Changing this creates a new Listener.
+     * The protocol can be either `TCP`, `HTTP`, `HTTPS`,
+     * `TERMINATED_HTTPS`, `UDP`, `SCTP` (supported only in **Octavia minor version
+     * \>= 2.23**), or `PROMETHEUS` (supported only in **Octavia minor version >=
+     * 2.25**). Changing this creates a new Listener.
      */
     protocol?: pulumi.Input<string>;
     /**
      * The port on which to listen for client traffic.
-     * Changing this creates a new Listener.
+     * * Changing this creates a new Listener.
      */
     protocolPort?: pulumi.Input<number>;
     /**
      * The region in which to obtain the V2 Networking client.
-     * A Networking client is needed to create an . If omitted, the
-     * `region` argument of the provider is used. Changing this creates a new
-     * Listener.
+     * A Networking client is needed to create a listener. If omitted, the `region`
+     * argument of the provider is used. Changing this creates a new Listener.
      */
     region?: pulumi.Input<string>;
     /**
      * A list of references to Barbican Secrets
      * containers which store SNI information. See
-     * [here](https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer)
+     * [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
      * for more information.
      */
     sniContainerRefs?: pulumi.Input<pulumi.Input<string>[]>;
@@ -245,45 +408,89 @@ export interface ListenerState {
     tags?: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * Required for admins. The UUID of the tenant who owns
-     * the Listener.  Only administrative users can specify a tenant UUID
-     * other than their own. Changing this creates a new Listener.
+     * the Listener.  Only administrative users can specify a tenant UUID other than
+     * their own. Changing this creates a new Listener.
      */
     tenantId?: pulumi.Input<string>;
     /**
-     * The client inactivity timeout in milliseconds.
+     * The client inactivity timeout in
+     * milliseconds.
      */
     timeoutClientData?: pulumi.Input<number>;
     /**
-     * The member connection timeout in milliseconds.
+     * The member connection timeout in
+     * milliseconds.
      */
     timeoutMemberConnect?: pulumi.Input<number>;
     /**
-     * The member inactivity timeout in milliseconds.
+     * The member inactivity timeout in
+     * milliseconds.
      */
     timeoutMemberData?: pulumi.Input<number>;
     /**
-     * The time in milliseconds, to wait for additional
-     * TCP packets for content inspection.
+     * The time in milliseconds, to wait for
+     * additional TCP packets for content inspection.
      */
     timeoutTcpInspect?: pulumi.Input<number>;
+    /**
+     * List of ciphers in OpenSSL format
+     * (colon-separated). See
+     * https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for more information.
+     * Supported only in **Octavia minor version >= 2.15**.
+     */
+    tlsCiphers?: pulumi.Input<string>;
+    /**
+     * A list of TLS protocol versions. Available
+     * versions: `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. Supported only in
+     * **Octavia minor version >= 2.17**.
+     */
+    tlsVersions?: pulumi.Input<pulumi.Input<string>[]>;
 }
 /**
  * The set of arguments for constructing a Listener resource.
  */
 export interface ListenerArgs {
     /**
-     * The administrative state of the Listener.
-     * A valid value is true (UP) or false (DOWN).
+     * The administrative state of the Listener. A
+     * valid value is true (UP) or false (DOWN).
      */
     adminStateUp?: pulumi.Input<boolean>;
     /**
-     * A list of CIDR blocks that are permitted to connect to this listener, denying
-     * all other source addresses. If not present, defaults to allow all.
+     * A list of CIDR blocks that are permitted to
+     * connect to this listener, denying all other source addresses. If not present,
+     * defaults to allow all.
      */
     allowedCidrs?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The maximum number of connections allowed
-     * for the Listener.
+     * A list of ALPN protocols. Available protocols:
+     * `http/1.0`, `http/1.1`, `h2`. Supported only in **Octavia minor version >=
+     * 2.20**.
+     */
+    alpnProtocols?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * The TLS client authentication mode.
+     * Available options: `NONE`, `OPTIONAL` or `MANDATORY`. Requires
+     * `TERMINATED_HTTPS` listener protocol and the `clientCaTlsContainerRef`.
+     * Supported only in **Octavia minor version >= 2.8**.
+     */
+    clientAuthentication?: pulumi.Input<string>;
+    /**
+     * The ref of the key manager service
+     * secret containing a PEM format client CA certificate bundle for
+     * `TERMINATED_HTTPS` listeners. Required if `clientAuthentication` is
+     * `OPTIONAL` or `MANDATORY`. Supported only in **Octavia minor version >=
+     * 2.8**.
+     */
+    clientCaTlsContainerRef?: pulumi.Input<string>;
+    /**
+     * The URI of the key manager service
+     * secret containing a PEM format CA revocation list file for `TERMINATED_HTTPS`
+     * listeners. Supported only in **Octavia minor version >= 2.8**.
+     */
+    clientCrlContainerRef?: pulumi.Input<string>;
+    /**
+     * The maximum number of connections allowed for
+     * the Listener.
      */
     connectionLimit?: pulumi.Input<number>;
     /**
@@ -293,9 +500,9 @@ export interface ListenerArgs {
     defaultPoolId?: pulumi.Input<string>;
     /**
      * A reference to a Barbican Secrets
-     * container which stores TLS information. This is required if the protocol
-     * is `TERMINATED_HTTPS`. See
-     * [here](https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer)
+     * container which stores TLS information. This is required if the protocol is
+     * `TERMINATED_HTTPS`. See
+     * [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
      * for more information.
      */
     defaultTlsContainerRef?: pulumi.Input<string>;
@@ -304,9 +511,34 @@ export interface ListenerArgs {
      */
     description?: pulumi.Input<string>;
     /**
-     * The list of key value pairs representing headers to insert
-     * into the request before it is sent to the backend members. Changing this updates the headers of the
-     * existing listener.
+     * Defines whether the
+     * **includeSubDomains** directive should be added to the
+     * Strict-Transport-Security HTTP response header. This requires setting the
+     * `hstsMaxAge` option as well in order to become effective. Requires
+     * `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
+     * version >= 2.27**.
+     */
+    hstsIncludeSubdomains?: pulumi.Input<boolean>;
+    /**
+     * The value of the **max_age** directive for the
+     * Strict-Transport-Security HTTP response header. Setting this enables HTTP
+     * Strict Transport Security (HSTS) for the TLS-terminated listener. Requires
+     * `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia minor
+     * version >= 2.27**.
+     */
+    hstsMaxAge?: pulumi.Input<number>;
+    /**
+     * Defines whether the **preload** directive should
+     * be added to the Strict-Transport-Security HTTP response header. This requires
+     * setting the `hstsMaxAge` option as well in order to become effective.
+     * Requires `TERMINATED_HTTPS` listener protocol. Supported only in **Octavia
+     * minor version >= 2.27**.
+     */
+    hstsPreload?: pulumi.Input<boolean>;
+    /**
+     * The list of key value pairs representing
+     * headers to insert into the request before it is sent to the backend members.
+     * Changing this updates the headers of the existing listener.
      */
     insertHeaders?: pulumi.Input<{
         [key: string]: pulumi.Input<string>;
@@ -317,33 +549,32 @@ export interface ListenerArgs {
      */
     loadbalancerId: pulumi.Input<string>;
     /**
-     * Human-readable name for the Listener. Does not have
-     * to be unique.
+     * Human-readable name for the Listener. Does not have to be
+     * unique.
      */
     name?: pulumi.Input<string>;
     /**
-     * The protocol - can either be TCP, HTTP, HTTPS,
-     * TERMINATED_HTTPS, UDP, SCTP (supported only in
-     * **Octavia minor version >= 2.23**) or PROMETHEUS (supported only in
-     * **Octavia minor version >=2.25**). Changing this creates a new Listener.
+     * The protocol can be either `TCP`, `HTTP`, `HTTPS`,
+     * `TERMINATED_HTTPS`, `UDP`, `SCTP` (supported only in **Octavia minor version
+     * \>= 2.23**), or `PROMETHEUS` (supported only in **Octavia minor version >=
+     * 2.25**). Changing this creates a new Listener.
      */
     protocol: pulumi.Input<string>;
     /**
      * The port on which to listen for client traffic.
-     * Changing this creates a new Listener.
+     * * Changing this creates a new Listener.
      */
     protocolPort: pulumi.Input<number>;
     /**
      * The region in which to obtain the V2 Networking client.
-     * A Networking client is needed to create an . If omitted, the
-     * `region` argument of the provider is used. Changing this creates a new
-     * Listener.
+     * A Networking client is needed to create a listener. If omitted, the `region`
+     * argument of the provider is used. Changing this creates a new Listener.
      */
     region?: pulumi.Input<string>;
     /**
      * A list of references to Barbican Secrets
      * containers which store SNI information. See
-     * [here](https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer)
+     * [here](https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer)
      * for more information.
      */
     sniContainerRefs?: pulumi.Input<pulumi.Input<string>[]>;
@@ -354,25 +585,41 @@ export interface ListenerArgs {
     tags?: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * Required for admins. The UUID of the tenant who owns
-     * the Listener.  Only administrative users can specify a tenant UUID
-     * other than their own. Changing this creates a new Listener.
+     * the Listener.  Only administrative users can specify a tenant UUID other than
+     * their own. Changing this creates a new Listener.
      */
     tenantId?: pulumi.Input<string>;
     /**
-     * The client inactivity timeout in milliseconds.
+     * The client inactivity timeout in
+     * milliseconds.
      */
     timeoutClientData?: pulumi.Input<number>;
     /**
-     * The member connection timeout in milliseconds.
+     * The member connection timeout in
+     * milliseconds.
      */
     timeoutMemberConnect?: pulumi.Input<number>;
     /**
-     * The member inactivity timeout in milliseconds.
+     * The member inactivity timeout in
+     * milliseconds.
      */
     timeoutMemberData?: pulumi.Input<number>;
     /**
-     * The time in milliseconds, to wait for additional
-     * TCP packets for content inspection.
+     * The time in milliseconds, to wait for
+     * additional TCP packets for content inspection.
      */
     timeoutTcpInspect?: pulumi.Input<number>;
+    /**
+     * List of ciphers in OpenSSL format
+     * (colon-separated). See
+     * https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for more information.
+     * Supported only in **Octavia minor version >= 2.15**.
+     */
+    tlsCiphers?: pulumi.Input<string>;
+    /**
+     * A list of TLS protocol versions. Available
+     * versions: `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. Supported only in
+     * **Octavia minor version >= 2.17**.
+     */
+    tlsVersions?: pulumi.Input<pulumi.Input<string>[]>;
 }