@robinmordasiewicz/f5xc-terraform-mcp 2.4.6 → 2.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/child_tenant.md +2 -2
- package/dist/docs/resources/cloud_connect.md +35 -35
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +24 -877
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -176,13 +176,13 @@ A [`http1_config`](#http1-config) block supports the following:
|
|
|
176
176
|
|
|
177
177
|
A [`header_transformation`](#http1-config-header-transformation) block (within [`http1_config`](#http1-config)) supports the following:
|
|
178
178
|
|
|
179
|
-
<a id="
|
|
179
|
+
<a id="transformation-489a65"></a>• [`default_header_transformation`](#transformation-489a65) - Optional Block<br>Enable this option
|
|
180
180
|
|
|
181
|
-
<a id="
|
|
181
|
+
<a id="transformation-7adc9e"></a>• [`legacy_header_transformation`](#transformation-7adc9e) - Optional Block<br>Enable this option
|
|
182
182
|
|
|
183
|
-
<a id="
|
|
183
|
+
<a id="transformation-61c351"></a>• [`preserve_case_header_transformation`](#transformation-61c351) - Optional Block<br>Enable this option
|
|
184
184
|
|
|
185
|
-
<a id="
|
|
185
|
+
<a id="transformation-17cea9"></a>• [`proper_case_header_transformation`](#transformation-17cea9) - Optional Block<br>Enable this option
|
|
186
186
|
|
|
187
187
|
#### Http2 Options
|
|
188
188
|
|
|
@@ -198,7 +198,7 @@ An [`outlier_detection`](#outlier-detection) block supports the following:
|
|
|
198
198
|
|
|
199
199
|
<a id="outlier-detection-consecutive-5xx"></a>• [`consecutive_5xx`](#outlier-detection-consecutive-5xx) - Optional Number Defaults to `5`<br>Consecutive 5xx Count. If an upstream endpoint returns some number of consecutive 5xx, it will be ejected. Note that in this case a 5xx means an actual 5xx respond code, or an event that would cause the HTTP router to return one on the upstream’s behalf(reset, connection failure, etc.) consecutive_5xx indicates the number of consecutive 5xx responses required before a consecutive 5xx ejection occurs
|
|
200
200
|
|
|
201
|
-
<a id="
|
|
201
|
+
<a id="failure-45be04"></a>• [`consecutive_gateway_failure`](#failure-45be04) - Optional Number Defaults to `5`<br>Consecutive Gateway Failure. If an upstream endpoint returns some number of consecutive “gateway errors” (502, 503 or 504 status code), it will be ejected. Note that this includes events that would cause the HTTP router to return one of these status codes on the upstream’s behalf (reset, connection failure, etc.). consecutive_gateway_failure indicates the number of consecutive gateway failures before a consecutive gateway failure ejection occurs
|
|
202
202
|
|
|
203
203
|
<a id="outlier-detection-interval"></a>• [`interval`](#outlier-detection-interval) - Optional Number Defaults to `10000ms` Specified in milliseconds<br>Interval. The time interval between ejection analysis sweeps. This can result in both new ejections as well as endpoints being returned to service
|
|
204
204
|
|
|
@@ -224,9 +224,9 @@ A [`tls_parameters`](#tls-parameters) block supports the following:
|
|
|
224
224
|
|
|
225
225
|
<a id="tls-parameters-common-params"></a>• [`common_params`](#tls-parameters-common-params) - Optional Block<br>TLS Parameters. Information of different aspects for TLS authentication related to ciphers, certificates and trust store<br>See [Common Params](#tls-parameters-common-params) below.
|
|
226
226
|
|
|
227
|
-
<a id="
|
|
227
|
+
<a id="caching-2e557f"></a>• [`default_session_key_caching`](#caching-2e557f) - Optional Block<br>Enable this option
|
|
228
228
|
|
|
229
|
-
<a id="
|
|
229
|
+
<a id="caching-d819c5"></a>• [`disable_session_key_caching`](#caching-d819c5) - Optional Block<br>Enable this option
|
|
230
230
|
|
|
231
231
|
<a id="tls-parameters-disable-sni"></a>• [`disable_sni`](#tls-parameters-disable-sni) - Optional Block<br>Enable this option
|
|
232
232
|
|
|
@@ -242,161 +242,161 @@ A [`cert_params`](#tls-parameters-cert-params) block (within [`tls_parameters`](
|
|
|
242
242
|
|
|
243
243
|
<a id="tls-parameters-cert-params-certificates"></a>• [`certificates`](#tls-parameters-cert-params-certificates) - Optional Block<br>Client Certificate. Client TLS Certificate required for mTLS authentication<br>See [Certificates](#tls-parameters-cert-params-certificates) below.
|
|
244
244
|
|
|
245
|
-
<a id="
|
|
245
|
+
<a id="suites-176fce"></a>• [`cipher_suites`](#suites-176fce) - Optional List<br>Cipher Suites. The following list specifies the supported cipher suite TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 If not specified, the default list: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 will be used
|
|
246
246
|
|
|
247
|
-
<a id="
|
|
247
|
+
<a id="version-4c65cd"></a>• [`maximum_protocol_version`](#version-4c65cd) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
248
248
|
|
|
249
|
-
<a id="
|
|
249
|
+
<a id="version-e15b41"></a>• [`minimum_protocol_version`](#version-e15b41) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
250
250
|
|
|
251
|
-
<a id="
|
|
251
|
+
<a id="params-0d9f11"></a>• [`validation_params`](#params-0d9f11) - Optional Block<br>TLS Certificate Validation Parameters. This includes URL for a trust store, whether SAN verification is required and list of Subject Alt Names for verification<br>See [Validation Params](#params-0d9f11) below.
|
|
252
252
|
|
|
253
253
|
#### TLS Parameters Cert Params Certificates
|
|
254
254
|
|
|
255
255
|
A [`certificates`](#tls-parameters-cert-params-certificates) block (within [`tls_parameters.cert_params`](#tls-parameters-cert-params)) supports the following:
|
|
256
256
|
|
|
257
|
-
<a id="
|
|
257
|
+
<a id="kind-8b8a07"></a>• [`kind`](#kind-8b8a07) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
258
258
|
|
|
259
|
-
<a id="
|
|
259
|
+
<a id="name-d17505"></a>• [`name`](#name-d17505) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
260
260
|
|
|
261
|
-
<a id="
|
|
261
|
+
<a id="namespace-d38fb9"></a>• [`namespace`](#namespace-d38fb9) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
262
262
|
|
|
263
|
-
<a id="
|
|
263
|
+
<a id="tenant-34f974"></a>• [`tenant`](#tenant-34f974) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
264
264
|
|
|
265
|
-
<a id="
|
|
265
|
+
<a id="uid-29a359"></a>• [`uid`](#uid-29a359) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
266
266
|
|
|
267
267
|
#### TLS Parameters Cert Params Validation Params
|
|
268
268
|
|
|
269
|
-
A [`validation_params`](#
|
|
269
|
+
A [`validation_params`](#params-0d9f11) block (within [`tls_parameters.cert_params`](#tls-parameters-cert-params)) supports the following:
|
|
270
270
|
|
|
271
|
-
<a id="
|
|
271
|
+
<a id="verification-29bce9"></a>• [`skip_hostname_verification`](#verification-29bce9) - Optional Bool<br>Skip verification of hostname. When True, skip verification of hostname i.e. CN/Subject Alt Name of certificate is not matched to the connecting hostname
|
|
272
272
|
|
|
273
|
-
<a id="
|
|
273
|
+
<a id="trusted-ca-91d5d8"></a>• [`trusted_ca`](#trusted-ca-91d5d8) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA](#trusted-ca-91d5d8) below.
|
|
274
274
|
|
|
275
|
-
<a id="
|
|
275
|
+
<a id="url-03ea65"></a>• [`trusted_ca_url`](#url-03ea65) - Optional String<br>Inline Root CA Certificate (legacy). Inline Root CA Certificate
|
|
276
276
|
|
|
277
|
-
<a id="
|
|
277
|
+
<a id="names-4c662c"></a>• [`verify_subject_alt_names`](#names-4c662c) - Optional List<br>List of SANs for matching. List of acceptable Subject Alt Names/CN in the peer's certificate. When skip_hostname_verification is false and verify_subject_alt_names is empty, the hostname of the peer will be used for matching against SAN/CN of peer's certificate
|
|
278
278
|
|
|
279
279
|
#### TLS Parameters Cert Params Validation Params Trusted CA
|
|
280
280
|
|
|
281
|
-
A [`trusted_ca`](#
|
|
281
|
+
A [`trusted_ca`](#trusted-ca-91d5d8) block (within [`tls_parameters.cert_params.validation_params`](#params-0d9f11)) supports the following:
|
|
282
282
|
|
|
283
|
-
<a id="
|
|
283
|
+
<a id="list-20bc64"></a>• [`trusted_ca_list`](#list-20bc64) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA List](#list-20bc64) below.
|
|
284
284
|
|
|
285
285
|
#### TLS Parameters Cert Params Validation Params Trusted CA Trusted CA List
|
|
286
286
|
|
|
287
|
-
A [`trusted_ca_list`](#
|
|
287
|
+
A [`trusted_ca_list`](#list-20bc64) block (within [`tls_parameters.cert_params.validation_params.trusted_ca`](#trusted-ca-91d5d8)) supports the following:
|
|
288
288
|
|
|
289
|
-
<a id="
|
|
289
|
+
<a id="kind-338daa"></a>• [`kind`](#kind-338daa) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
290
290
|
|
|
291
|
-
<a id="
|
|
291
|
+
<a id="name-f56f86"></a>• [`name`](#name-f56f86) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
292
292
|
|
|
293
|
-
<a id="
|
|
293
|
+
<a id="namespace-e9404a"></a>• [`namespace`](#namespace-e9404a) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
294
294
|
|
|
295
|
-
<a id="
|
|
295
|
+
<a id="tenant-211069"></a>• [`tenant`](#tenant-211069) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
296
296
|
|
|
297
|
-
<a id="
|
|
297
|
+
<a id="uid-04ebc1"></a>• [`uid`](#uid-04ebc1) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
298
298
|
|
|
299
299
|
#### TLS Parameters Common Params
|
|
300
300
|
|
|
301
301
|
A [`common_params`](#tls-parameters-common-params) block (within [`tls_parameters`](#tls-parameters)) supports the following:
|
|
302
302
|
|
|
303
|
-
<a id="
|
|
303
|
+
<a id="suites-f69d86"></a>• [`cipher_suites`](#suites-f69d86) - Optional List<br>Cipher Suites. The following list specifies the supported cipher suite TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 If not specified, the default list: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 will be used
|
|
304
304
|
|
|
305
|
-
<a id="
|
|
305
|
+
<a id="version-e7c6f2"></a>• [`maximum_protocol_version`](#version-e7c6f2) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
306
306
|
|
|
307
|
-
<a id="
|
|
307
|
+
<a id="version-7d1460"></a>• [`minimum_protocol_version`](#version-7d1460) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
308
308
|
|
|
309
|
-
<a id="
|
|
309
|
+
<a id="certificates-c9caff"></a>• [`tls_certificates`](#certificates-c9caff) - Optional Block<br>TLS Certificates. Set of TLS certificates<br>See [TLS Certificates](#certificates-c9caff) below.
|
|
310
310
|
|
|
311
|
-
<a id="
|
|
311
|
+
<a id="params-6e95a6"></a>• [`validation_params`](#params-6e95a6) - Optional Block<br>TLS Certificate Validation Parameters. This includes URL for a trust store, whether SAN verification is required and list of Subject Alt Names for verification<br>See [Validation Params](#params-6e95a6) below.
|
|
312
312
|
|
|
313
313
|
#### TLS Parameters Common Params TLS Certificates
|
|
314
314
|
|
|
315
|
-
A [`tls_certificates`](#
|
|
315
|
+
A [`tls_certificates`](#certificates-c9caff) block (within [`tls_parameters.common_params`](#tls-parameters-common-params)) supports the following:
|
|
316
316
|
|
|
317
|
-
<a id="
|
|
317
|
+
<a id="url-323181"></a>• [`certificate_url`](#url-323181) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
318
318
|
|
|
319
|
-
<a id="
|
|
319
|
+
<a id="algorithms-eb62be"></a>• [`custom_hash_algorithms`](#algorithms-eb62be) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-eb62be) below.
|
|
320
320
|
|
|
321
|
-
<a id="
|
|
321
|
+
<a id="spec-5af02c"></a>• [`description_spec`](#spec-5af02c) - Optional String<br>Description. Description for the certificate
|
|
322
322
|
|
|
323
|
-
<a id="
|
|
323
|
+
<a id="stapling-c091fa"></a>• [`disable_ocsp_stapling`](#stapling-c091fa) - Optional Block<br>Enable this option
|
|
324
324
|
|
|
325
|
-
<a id="
|
|
325
|
+
<a id="key-da7979"></a>• [`private_key`](#key-da7979) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-da7979) below.
|
|
326
326
|
|
|
327
|
-
<a id="
|
|
327
|
+
<a id="defaults-f58bc7"></a>• [`use_system_defaults`](#defaults-f58bc7) - Optional Block<br>Enable this option
|
|
328
328
|
|
|
329
329
|
#### TLS Parameters Common Params TLS Certificates Custom Hash Algorithms
|
|
330
330
|
|
|
331
|
-
A [`custom_hash_algorithms`](#
|
|
331
|
+
A [`custom_hash_algorithms`](#algorithms-eb62be) block (within [`tls_parameters.common_params.tls_certificates`](#certificates-c9caff)) supports the following:
|
|
332
332
|
|
|
333
|
-
<a id="
|
|
333
|
+
<a id="algorithms-707f27"></a>• [`hash_algorithms`](#algorithms-707f27) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
334
334
|
|
|
335
335
|
#### TLS Parameters Common Params TLS Certificates Private Key
|
|
336
336
|
|
|
337
|
-
A [`private_key`](#
|
|
337
|
+
A [`private_key`](#key-da7979) block (within [`tls_parameters.common_params.tls_certificates`](#certificates-c9caff)) supports the following:
|
|
338
338
|
|
|
339
|
-
<a id="
|
|
339
|
+
<a id="info-eaa266"></a>• [`blindfold_secret_info`](#info-eaa266) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-eaa266) below.
|
|
340
340
|
|
|
341
|
-
<a id="
|
|
341
|
+
<a id="info-b039d1"></a>• [`clear_secret_info`](#info-b039d1) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-b039d1) below.
|
|
342
342
|
|
|
343
343
|
#### TLS Parameters Common Params TLS Certificates Private Key Blindfold Secret Info
|
|
344
344
|
|
|
345
|
-
A [`blindfold_secret_info`](#
|
|
345
|
+
A [`blindfold_secret_info`](#info-eaa266) block (within [`tls_parameters.common_params.tls_certificates.private_key`](#key-da7979)) supports the following:
|
|
346
346
|
|
|
347
|
-
<a id="
|
|
347
|
+
<a id="provider-fc3d7d"></a>• [`decryption_provider`](#provider-fc3d7d) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
348
348
|
|
|
349
|
-
<a id="
|
|
349
|
+
<a id="location-373b8d"></a>• [`location`](#location-373b8d) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
350
350
|
|
|
351
|
-
<a id="
|
|
351
|
+
<a id="provider-68c63b"></a>• [`store_provider`](#provider-68c63b) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
352
352
|
|
|
353
353
|
#### TLS Parameters Common Params TLS Certificates Private Key Clear Secret Info
|
|
354
354
|
|
|
355
|
-
A [`clear_secret_info`](#
|
|
355
|
+
A [`clear_secret_info`](#info-b039d1) block (within [`tls_parameters.common_params.tls_certificates.private_key`](#key-da7979)) supports the following:
|
|
356
356
|
|
|
357
|
-
<a id="
|
|
357
|
+
<a id="ref-571118"></a>• [`provider_ref`](#ref-571118) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
358
358
|
|
|
359
|
-
<a id="
|
|
359
|
+
<a id="url-65b084"></a>• [`url`](#url-65b084) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
360
360
|
|
|
361
361
|
#### TLS Parameters Common Params Validation Params
|
|
362
362
|
|
|
363
|
-
A [`validation_params`](#
|
|
363
|
+
A [`validation_params`](#params-6e95a6) block (within [`tls_parameters.common_params`](#tls-parameters-common-params)) supports the following:
|
|
364
364
|
|
|
365
|
-
<a id="
|
|
365
|
+
<a id="verification-30d13d"></a>• [`skip_hostname_verification`](#verification-30d13d) - Optional Bool<br>Skip verification of hostname. When True, skip verification of hostname i.e. CN/Subject Alt Name of certificate is not matched to the connecting hostname
|
|
366
366
|
|
|
367
|
-
<a id="
|
|
367
|
+
<a id="trusted-ca-39c22f"></a>• [`trusted_ca`](#trusted-ca-39c22f) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA](#trusted-ca-39c22f) below.
|
|
368
368
|
|
|
369
|
-
<a id="
|
|
369
|
+
<a id="url-910417"></a>• [`trusted_ca_url`](#url-910417) - Optional String<br>Inline Root CA Certificate (legacy). Inline Root CA Certificate
|
|
370
370
|
|
|
371
|
-
<a id="
|
|
371
|
+
<a id="names-1c97ed"></a>• [`verify_subject_alt_names`](#names-1c97ed) - Optional List<br>List of SANs for matching. List of acceptable Subject Alt Names/CN in the peer's certificate. When skip_hostname_verification is false and verify_subject_alt_names is empty, the hostname of the peer will be used for matching against SAN/CN of peer's certificate
|
|
372
372
|
|
|
373
373
|
#### TLS Parameters Common Params Validation Params Trusted CA
|
|
374
374
|
|
|
375
|
-
A [`trusted_ca`](#
|
|
375
|
+
A [`trusted_ca`](#trusted-ca-39c22f) block (within [`tls_parameters.common_params.validation_params`](#params-6e95a6)) supports the following:
|
|
376
376
|
|
|
377
|
-
<a id="
|
|
377
|
+
<a id="list-01ba8e"></a>• [`trusted_ca_list`](#list-01ba8e) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA List](#list-01ba8e) below.
|
|
378
378
|
|
|
379
379
|
#### TLS Parameters Common Params Validation Params Trusted CA Trusted CA List
|
|
380
380
|
|
|
381
|
-
A [`trusted_ca_list`](#
|
|
381
|
+
A [`trusted_ca_list`](#list-01ba8e) block (within [`tls_parameters.common_params.validation_params.trusted_ca`](#trusted-ca-39c22f)) supports the following:
|
|
382
382
|
|
|
383
|
-
<a id="
|
|
383
|
+
<a id="kind-c488bc"></a>• [`kind`](#kind-c488bc) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
384
384
|
|
|
385
|
-
<a id="
|
|
385
|
+
<a id="name-dedff6"></a>• [`name`](#name-dedff6) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
386
386
|
|
|
387
|
-
<a id="
|
|
387
|
+
<a id="namespace-1917fa"></a>• [`namespace`](#namespace-1917fa) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
388
388
|
|
|
389
|
-
<a id="
|
|
389
|
+
<a id="tenant-eb6cbc"></a>• [`tenant`](#tenant-eb6cbc) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
390
390
|
|
|
391
|
-
<a id="
|
|
391
|
+
<a id="uid-a48fb2"></a>• [`uid`](#uid-a48fb2) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
392
392
|
|
|
393
393
|
#### Upstream Conn Pool Reuse Type
|
|
394
394
|
|
|
395
395
|
An [`upstream_conn_pool_reuse_type`](#upstream-conn-pool-reuse-type) block supports the following:
|
|
396
396
|
|
|
397
|
-
<a id="
|
|
397
|
+
<a id="reuse-008a14"></a>• [`disable_conn_pool_reuse`](#reuse-008a14) - Optional Block<br>Enable this option
|
|
398
398
|
|
|
399
|
-
<a id="
|
|
399
|
+
<a id="reuse-ad4462"></a>• [`enable_conn_pool_reuse`](#reuse-ad4462) - Optional Block<br>Enable this option
|
|
400
400
|
|
|
401
401
|
## Import
|
|
402
402
|
|
|
@@ -98,17 +98,17 @@ An [`api_token`](#api-token) block supports the following:
|
|
|
98
98
|
|
|
99
99
|
A [`blindfold_secret_info`](#api-token-blindfold-secret-info) block (within [`api_token`](#api-token)) supports the following:
|
|
100
100
|
|
|
101
|
-
<a id="
|
|
101
|
+
<a id="provider-9e1a18"></a>• [`decryption_provider`](#provider-9e1a18) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
102
102
|
|
|
103
|
-
<a id="
|
|
103
|
+
<a id="location-ae079d"></a>• [`location`](#location-ae079d) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
104
104
|
|
|
105
|
-
<a id="
|
|
105
|
+
<a id="provider-924a2a"></a>• [`store_provider`](#provider-924a2a) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
106
106
|
|
|
107
107
|
#### API Token Clear Secret Info
|
|
108
108
|
|
|
109
109
|
A [`clear_secret_info`](#api-token-clear-secret-info) block (within [`api_token`](#api-token)) supports the following:
|
|
110
110
|
|
|
111
|
-
<a id="
|
|
111
|
+
<a id="ref-c39fa7"></a>• [`provider_ref`](#ref-c39fa7) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
112
112
|
|
|
113
113
|
<a id="api-token-clear-secret-info-url"></a>• [`url`](#api-token-clear-secret-info-url) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
114
114
|
|
|
@@ -130,11 +130,11 @@ A [`password`](#password) block supports the following:
|
|
|
130
130
|
|
|
131
131
|
A [`blindfold_secret_info`](#password-blindfold-secret-info) block (within [`password`](#password)) supports the following:
|
|
132
132
|
|
|
133
|
-
<a id="
|
|
133
|
+
<a id="provider-f3d5d2"></a>• [`decryption_provider`](#provider-f3d5d2) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
134
134
|
|
|
135
135
|
<a id="password-blindfold-secret-info-location"></a>• [`location`](#password-blindfold-secret-info-location) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
136
136
|
|
|
137
|
-
<a id="
|
|
137
|
+
<a id="provider-0e4651"></a>• [`store_provider`](#provider-0e4651) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
138
138
|
|
|
139
139
|
#### Password Clear Secret Info
|
|
140
140
|
|