@robinmordasiewicz/f5xc-terraform-mcp 2.4.6 → 2.4.8
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/child_tenant.md +2 -2
- package/dist/docs/resources/cloud_connect.md +35 -35
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +24 -877
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -108,9 +108,9 @@ An [`enabled_ssh_access`](#enabled-ssh-access) block supports the following:
|
|
|
108
108
|
|
|
109
109
|
A [`node_ssh_ports`](#enabled-ssh-access-node-ssh-ports) block (within [`enabled_ssh_access`](#enabled-ssh-access)) supports the following:
|
|
110
110
|
|
|
111
|
-
<a id="
|
|
111
|
+
<a id="name-111dcd"></a>• [`node_name`](#name-111dcd) - Optional String<br>Node Name. Node name will be used to match a particular node with the desired TCP port
|
|
112
112
|
|
|
113
|
-
<a id="
|
|
113
|
+
<a id="port-0c5575"></a>• [`ssh_port`](#port-0c5575) - Optional Number<br>SSH Port. Enter TCP port per node
|
|
114
114
|
|
|
115
115
|
#### F5 Big IP AWS Service
|
|
116
116
|
|
|
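Review bot: the new ids on the `node_name` and `ssh_port` lines (`name-111dcd`, `port-0c5575`) no longer carry the parent block path that the section's own link still uses (`#enabled-ssh-access-node-ssh-ports`), so the id alone does not say which block the attribute belongs to. The removed lines are cut off at `<a id="` in this view, so the previous ids cannot be compared here; if the id is what changed, any deep link to the old value stops resolving, and the change should be called out in the release notes or the old ids kept as aliases.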
@@ -120,11 +120,11 @@ A [`f5_big_ip_aws_service`](#f5-big-ip-aws-service) block supports the following
|
|
|
120
120
|
|
|
121
121
|
<a id="f5-big-ip-aws-service-admin-username"></a>• [`admin_username`](#f5-big-ip-aws-service-admin-username) - Optional String<br>Admin Username. Admin Username for BIG-IP
|
|
122
122
|
|
|
123
|
-
<a id="
|
|
123
|
+
<a id="params-7322b1"></a>• [`aws_tgw_site_params`](#params-7322b1) - Optional Block<br>BIG-IP AWS TGW Site. BIG-IP AWS TGW site specification<br>See [AWS TGW Site Params](#params-7322b1) below.
|
|
124
124
|
|
|
125
125
|
<a id="f5-big-ip-aws-service-endpoint-service"></a>• [`endpoint_service`](#f5-big-ip-aws-service-endpoint-service) - Optional Block<br>Endpoint Service. Endpoint Service is a type of NFV service where the packets are destined to NFV and service modifies the destination with a new destination address<br>See [Endpoint Service](#f5-big-ip-aws-service-endpoint-service) below.
|
|
126
126
|
|
|
127
|
-
<a id="
|
|
127
|
+
<a id="image-4d64b2"></a>• [`market_place_image`](#image-4d64b2) - Optional Block<br>BIG-IP AWS Pay as You Go Image. BIG-IP AWS Pay as You Go Image Selection<br>See [Market Place Image](#image-4d64b2) below.
|
|
128
128
|
|
|
129
129
|
<a id="f5-big-ip-aws-service-nodes"></a>• [`nodes`](#f5-big-ip-aws-service-nodes) - Optional Block<br>Service Nodes. Specify how and where the service nodes are spawned<br>See [Nodes](#f5-big-ip-aws-service-nodes) below.
|
|
130
130
|
|
|
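Review bot: on the `aws_tgw_site_params` and `market_place_image` lines the trailing "See ... below" link targets the same id as the attribute's own `<a id>` (`#params-7322b1`, `#image-4d64b2`), so following it lands on the line the reader is already on and not on a section further down. The unchanged `endpoint_service` line has the same shape, but its id matches the words of its section heading; the hashed ids do not. Give the sub-section headings an explicit anchor and point the "See" link at that.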
@@ -136,97 +136,97 @@ A [`f5_big_ip_aws_service`](#f5-big-ip-aws-service) block supports the following
|
|
|
136
136
|
|
|
137
137
|
An [`admin_password`](#f5-big-ip-aws-service-admin-password) block (within [`f5_big_ip_aws_service`](#f5-big-ip-aws-service)) supports the following:
|
|
138
138
|
|
|
139
|
-
<a id="
|
|
139
|
+
<a id="info-937ada"></a>• [`blindfold_secret_info`](#info-937ada) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-937ada) below.
|
|
140
140
|
|
|
141
|
-
<a id="
|
|
141
|
+
<a id="info-a3c75d"></a>• [`clear_secret_info`](#info-a3c75d) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-a3c75d) below.
|
|
142
142
|
|
|
143
143
|
#### F5 Big IP AWS Service Admin Password Blindfold Secret Info
|
|
144
144
|
|
|
145
|
-
A [`blindfold_secret_info`](#
|
|
145
|
+
A [`blindfold_secret_info`](#info-937ada) block (within [`f5_big_ip_aws_service.admin_password`](#f5-big-ip-aws-service-admin-password)) supports the following:
|
|
146
146
|
|
|
147
|
-
<a id="
|
|
147
|
+
<a id="provider-ca6fa3"></a>• [`decryption_provider`](#provider-ca6fa3) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
148
148
|
|
|
149
|
-
<a id="
|
|
149
|
+
<a id="location-53b6be"></a>• [`location`](#location-53b6be) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
150
150
|
|
|
151
|
-
<a id="
|
|
151
|
+
<a id="provider-6451ef"></a>• [`store_provider`](#provider-6451ef) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
152
152
|
|
|
153
153
|
#### F5 Big IP AWS Service Admin Password Clear Secret Info
|
|
154
154
|
|
|
155
|
-
A [`clear_secret_info`](#
|
|
155
|
+
A [`clear_secret_info`](#info-a3c75d) block (within [`f5_big_ip_aws_service.admin_password`](#f5-big-ip-aws-service-admin-password)) supports the following:
|
|
156
156
|
|
|
157
|
-
<a id="
|
|
157
|
+
<a id="ref-79e9d6"></a>• [`provider_ref`](#ref-79e9d6) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
158
158
|
|
|
159
|
-
<a id="
|
|
159
|
+
<a id="url-0043f2"></a>• [`url`](#url-0043f2) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
160
160
|
|
|
161
161
|
#### F5 Big IP AWS Service AWS TGW Site Params
|
|
162
162
|
|
|
163
|
-
An [`aws_tgw_site_params`](#
|
|
163
|
+
An [`aws_tgw_site_params`](#params-7322b1) block (within [`f5_big_ip_aws_service`](#f5-big-ip-aws-service)) supports the following:
|
|
164
164
|
|
|
165
|
-
<a id="
|
|
165
|
+
<a id="site-d5cef8"></a>• [`aws_tgw_site`](#site-d5cef8) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [AWS TGW Site](#site-d5cef8) below.
|
|
166
166
|
|
|
167
167
|
#### F5 Big IP AWS Service AWS TGW Site Params AWS TGW Site
|
|
168
168
|
|
|
169
|
-
An [`aws_tgw_site`](#
|
|
169
|
+
An [`aws_tgw_site`](#site-d5cef8) block (within [`f5_big_ip_aws_service.aws_tgw_site_params`](#params-7322b1)) supports the following:
|
|
170
170
|
|
|
171
|
-
<a id="
|
|
171
|
+
<a id="name-090b93"></a>• [`name`](#name-090b93) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
172
172
|
|
|
173
|
-
<a id="
|
|
173
|
+
<a id="namespace-71f773"></a>• [`namespace`](#namespace-71f773) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
174
174
|
|
|
175
|
-
<a id="
|
|
175
|
+
<a id="tenant-5ded3d"></a>• [`tenant`](#tenant-5ded3d) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
176
176
|
|
|
177
177
|
#### F5 Big IP AWS Service Endpoint Service
|
|
178
178
|
|
|
179
179
|
An [`endpoint_service`](#f5-big-ip-aws-service-endpoint-service) block (within [`f5_big_ip_aws_service`](#f5-big-ip-aws-service)) supports the following:
|
|
180
180
|
|
|
181
|
-
<a id="
|
|
181
|
+
<a id="slo-ip-6fccc9"></a>• [`advertise_on_slo_ip`](#slo-ip-6fccc9) - Optional Block<br>Enable this option
|
|
182
182
|
|
|
183
|
-
<a id="
|
|
183
|
+
<a id="external-c6878c"></a>• [`advertise_on_slo_ip_external`](#external-c6878c) - Optional Block<br>Enable this option
|
|
184
184
|
|
|
185
|
-
<a id="
|
|
185
|
+
<a id="vip-bf0a34"></a>• [`automatic_vip`](#vip-bf0a34) - Optional Block<br>Enable this option
|
|
186
186
|
|
|
187
|
-
<a id="
|
|
187
|
+
<a id="vip-39201b"></a>• [`configured_vip`](#vip-39201b) - Optional String<br>Configured VIP. Enter IP address for the default VIP
|
|
188
188
|
|
|
189
|
-
<a id="
|
|
189
|
+
<a id="ports-afbd6c"></a>• [`custom_tcp_ports`](#ports-afbd6c) - Optional Block<br>Port Range List. List of port ranges<br>See [Custom TCP Ports](#ports-afbd6c) below.
|
|
190
190
|
|
|
191
|
-
<a id="
|
|
191
|
+
<a id="ports-775f61"></a>• [`custom_udp_ports`](#ports-775f61) - Optional Block<br>Port Range List. List of port ranges<br>See [Custom UDP Ports](#ports-775f61) below.
|
|
192
192
|
|
|
193
|
-
<a id="
|
|
193
|
+
<a id="ports-4442b0"></a>• [`default_tcp_ports`](#ports-4442b0) - Optional Block<br>Enable this option
|
|
194
194
|
|
|
195
|
-
<a id="
|
|
195
|
+
<a id="slo-ip-47bf10"></a>• [`disable_advertise_on_slo_ip`](#slo-ip-47bf10) - Optional Block<br>Enable this option
|
|
196
196
|
|
|
197
|
-
<a id="
|
|
197
|
+
<a id="port-926fe7"></a>• [`http_port`](#port-926fe7) - Optional Block<br>Enable this option
|
|
198
198
|
|
|
199
|
-
<a id="
|
|
199
|
+
<a id="port-440dce"></a>• [`https_port`](#port-440dce) - Optional Block<br>Enable this option
|
|
200
200
|
|
|
201
|
-
<a id="
|
|
201
|
+
<a id="ports-4d510f"></a>• [`no_tcp_ports`](#ports-4d510f) - Optional Block<br>Enable this option
|
|
202
202
|
|
|
203
|
-
<a id="
|
|
203
|
+
<a id="ports-abc1e4"></a>• [`no_udp_ports`](#ports-abc1e4) - Optional Block<br>Enable this option
|
|
204
204
|
|
|
205
205
|
#### F5 Big IP AWS Service Endpoint Service Custom TCP Ports
|
|
206
206
|
|
|
207
|
-
A [`custom_tcp_ports`](#
|
|
207
|
+
A [`custom_tcp_ports`](#ports-afbd6c) block (within [`f5_big_ip_aws_service.endpoint_service`](#f5-big-ip-aws-service-endpoint-service)) supports the following:
|
|
208
208
|
|
|
209
|
-
<a id="
|
|
209
|
+
<a id="ports-669cb6"></a>• [`ports`](#ports-669cb6) - Optional List<br>Port Ranges. List of port ranges. Each range is a single port or a pair of start and end ports e.g. 8080-8192
|
|
210
210
|
|
|
211
211
|
#### F5 Big IP AWS Service Endpoint Service Custom UDP Ports
|
|
212
212
|
|
|
213
|
-
A [`custom_udp_ports`](#
|
|
213
|
+
A [`custom_udp_ports`](#ports-775f61) block (within [`f5_big_ip_aws_service.endpoint_service`](#f5-big-ip-aws-service-endpoint-service)) supports the following:
|
|
214
214
|
|
|
215
|
-
<a id="
|
|
215
|
+
<a id="ports-1dc486"></a>• [`ports`](#ports-1dc486) - Optional List<br>Port Ranges. List of port ranges. Each range is a single port or a pair of start and end ports e.g. 8080-8192
|
|
216
216
|
|
|
217
217
|
#### F5 Big IP AWS Service Market Place Image
|
|
218
218
|
|
|
219
|
-
A [`market_place_image`](#
|
|
219
|
+
A [`market_place_image`](#image-4d64b2) block (within [`f5_big_ip_aws_service`](#f5-big-ip-aws-service)) supports the following:
|
|
220
220
|
|
|
221
|
-
<a id="
|
|
221
|
+
<a id="mbps-4a5484"></a>• [`awafpay_g200_mbps`](#mbps-4a5484) - Optional Block<br>Enable this option
|
|
222
222
|
|
|
223
|
-
<a id="
|
|
223
|
+
<a id="gbps-45d6d3"></a>• [`awafpay_g3_gbps`](#gbps-45d6d3) - Optional Block<br>Enable this option
|
|
224
224
|
|
|
225
225
|
#### F5 Big IP AWS Service Nodes
|
|
226
226
|
|
|
227
227
|
A [`nodes`](#f5-big-ip-aws-service-nodes) block (within [`f5_big_ip_aws_service`](#f5-big-ip-aws-service)) supports the following:
|
|
228
228
|
|
|
229
|
-
<a id="
|
|
229
|
+
<a id="prefix-e8faa8"></a>• [`automatic_prefix`](#prefix-e8faa8) - Optional Block<br>Enable this option
|
|
230
230
|
|
|
231
231
|
<a id="f5-big-ip-aws-service-nodes-aws-az-name"></a>• [`aws_az_name`](#f5-big-ip-aws-service-nodes-aws-az-name) - Optional String<br>AWS AZ Name. The AWS Availability Zone must be consistent with the AWS Region chosen. Please select an AZ in the same Region as your TGW Site
|
|
232
232
|
|
|
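Review bot: the `clear_secret_info` entries under `admin_password` contradict each other and understate the exposure. `url` says the only supported scheme is `string:///`, while `provider_ref` says it "needs to be provided only if the URL scheme is not string:///", which by the `url` text can never apply. The `url` description should also say that Base64 is an encoding and not protection, so a BIG-IP admin password supplied this way is readable by anyone who can read the configuration, and it should point to `blindfold_secret_info` as the alternative; "schemes is" should read "scheme is".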
@@ -234,23 +234,23 @@ A [`nodes`](#f5-big-ip-aws-service-nodes) block (within [`f5_big_ip_aws_service`
|
|
|
234
234
|
|
|
235
235
|
<a id="f5-big-ip-aws-service-nodes-node-name"></a>• [`node_name`](#f5-big-ip-aws-service-nodes-node-name) - Optional String<br>Node Name. Node Name will be used to assign as hostname to the service
|
|
236
236
|
|
|
237
|
-
<a id="
|
|
237
|
+
<a id="subnet-2782dc"></a>• [`reserved_mgmt_subnet`](#subnet-2782dc) - Optional Block<br>Enable this option
|
|
238
238
|
|
|
239
|
-
<a id="
|
|
239
|
+
<a id="prefix-53b238"></a>• [`tunnel_prefix`](#prefix-53b238) - Optional String<br>Tunnel IP Prefix. Enter IP prefix for the tunnel, it has to be /30
|
|
240
240
|
|
|
241
241
|
#### F5 Big IP AWS Service Nodes Mgmt Subnet
|
|
242
242
|
|
|
243
243
|
A [`mgmt_subnet`](#f5-big-ip-aws-service-nodes-mgmt-subnet) block (within [`f5_big_ip_aws_service.nodes`](#f5-big-ip-aws-service-nodes)) supports the following:
|
|
244
244
|
|
|
245
|
-
<a id="
|
|
245
|
+
<a id="subnet-id-f666a1"></a>• [`existing_subnet_id`](#subnet-id-f666a1) - Optional String<br>Existing Subnet ID. Information about existing subnet ID
|
|
246
246
|
|
|
247
|
-
<a id="
|
|
247
|
+
<a id="param-44c864"></a>• [`subnet_param`](#param-44c864) - Optional Block<br>New Cloud Subnet Parameters. Parameters for creating a new cloud subnet<br>See [Subnet Param](#param-44c864) below.
|
|
248
248
|
|
|
249
249
|
#### F5 Big IP AWS Service Nodes Mgmt Subnet Subnet Param
|
|
250
250
|
|
|
251
|
-
A [`subnet_param`](#
|
|
251
|
+
A [`subnet_param`](#param-44c864) block (within [`f5_big_ip_aws_service.nodes.mgmt_subnet`](#f5-big-ip-aws-service-nodes-mgmt-subnet)) supports the following:
|
|
252
252
|
|
|
253
|
-
<a id="
|
|
253
|
+
<a id="ipv4-852430"></a>• [`ipv4`](#ipv4-852430) - Optional String<br>IPv4 Subnet. IPv4 subnet prefix for this subnet
|
|
254
254
|
|
|
255
255
|
#### HTTPS Management
|
|
256
256
|
|
|
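Review bot: `reserved_mgmt_subnet` is documented only as "Enable this option", which does not say what is reserved or how it relates to the `mgmt_subnet` block described in the next section. State what enabling it does and whether it can be combined with `mgmt_subnet`; `existing_subnet_id` ("Information about existing subnet ID") should likewise state the value it expects.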
@@ -258,11 +258,11 @@ A [`https_management`](#https-management) block supports the following:
|
|
|
258
258
|
|
|
259
259
|
<a id="https-management-advertise-on-internet"></a>• [`advertise_on_internet`](#https-management-advertise-on-internet) - Optional Block<br>Advertise Public. This defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available<br>See [Advertise On Internet](#https-management-advertise-on-internet) below.
|
|
260
260
|
|
|
261
|
-
<a id="
|
|
261
|
+
<a id="vip-00de2c"></a>• [`advertise_on_internet_default_vip`](#vip-00de2c) - Optional Block<br>Enable this option
|
|
262
262
|
|
|
263
263
|
<a id="https-management-advertise-on-sli-vip"></a>• [`advertise_on_sli_vip`](#https-management-advertise-on-sli-vip) - Optional Block<br>Inline TLS Parameters. Inline TLS parameters<br>See [Advertise On SLI VIP](#https-management-advertise-on-sli-vip) below.
|
|
264
264
|
|
|
265
|
-
<a id="
|
|
265
|
+
<a id="vip-6dd6e5"></a>• [`advertise_on_slo_internet_vip`](#vip-6dd6e5) - Optional Block<br>Inline TLS Parameters. Inline TLS parameters<br>See [Advertise On Slo Internet VIP](#vip-6dd6e5) below.
|
|
266
266
|
|
|
267
267
|
<a id="https-management-advertise-on-slo-sli"></a>• [`advertise_on_slo_sli`](#https-management-advertise-on-slo-sli) - Optional Block<br>Inline TLS Parameters. Inline TLS parameters<br>See [Advertise On Slo SLI](#https-management-advertise-on-slo-sli) below.
|
|
268
268
|
|
|
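Review bot: `advertise_on_internet_default_vip` sits in the `https_management` block and is described only as "Enable this option", so the text gives no hint that it concerns advertising the management HTTPS endpoint on the internet, which is what the name and the neighbouring `advertise_on_internet` description ("Advertise Public") indicate. Spell out where the endpoint becomes reachable. `advertise_on_slo_internet_vip` also reuses "Inline TLS Parameters. Inline TLS parameters" word for word from `advertise_on_sli_vip` and `advertise_on_slo_sli`, so the three options cannot be told apart from their descriptions.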
@@ -278,521 +278,521 @@ A [`https_management`](#https-management) block supports the following:
|
|
|
278
278
|
|
|
279
279
|
An [`advertise_on_internet`](#https-management-advertise-on-internet) block (within [`https_management`](#https-management)) supports the following:
|
|
280
280
|
|
|
281
|
-
<a id="
|
|
281
|
+
<a id="public-ip-e501cc"></a>• [`public_ip`](#public-ip-e501cc) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Public IP](#public-ip-e501cc) below.
|
|
282
282
|
|
|
283
283
|
#### HTTPS Management Advertise On Internet Public IP
|
|
284
284
|
|
|
285
|
-
A [`public_ip`](#
|
|
285
|
+
A [`public_ip`](#public-ip-e501cc) block (within [`https_management.advertise_on_internet`](#https-management-advertise-on-internet)) supports the following:
|
|
286
286
|
|
|
287
|
-
<a id="
|
|
287
|
+
<a id="name-c549a1"></a>• [`name`](#name-c549a1) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
288
288
|
|
|
289
|
-
<a id="
|
|
289
|
+
<a id="namespace-8fcb5e"></a>• [`namespace`](#namespace-8fcb5e) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
290
290
|
|
|
291
|
-
<a id="
|
|
291
|
+
<a id="tenant-5cb820"></a>• [`tenant`](#tenant-5cb820) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
292
292
|
|
|
293
293
|
#### HTTPS Management Advertise On SLI VIP
|
|
294
294
|
|
|
295
295
|
An [`advertise_on_sli_vip`](#https-management-advertise-on-sli-vip) block (within [`https_management`](#https-management)) supports the following:
|
|
296
296
|
|
|
297
|
-
<a id="
|
|
297
|
+
<a id="mtls-1bd8e3"></a>• [`no_mtls`](#mtls-1bd8e3) - Optional Block<br>Enable this option
|
|
298
298
|
|
|
299
|
-
<a id="
|
|
299
|
+
<a id="certificates-5355d7"></a>• [`tls_certificates`](#certificates-5355d7) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-5355d7) below.
|
|
300
300
|
|
|
301
|
-
<a id="
|
|
301
|
+
<a id="config-9f094b"></a>• [`tls_config`](#config-9f094b) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-9f094b) below.
|
|
302
302
|
|
|
303
|
-
<a id="
|
|
303
|
+
<a id="mtls-c1dce4"></a>• [`use_mtls`](#mtls-c1dce4) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-c1dce4) below.
|
|
304
304
|
|
|
305
305
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates
|
|
306
306
|
|
|
307
|
-
A [`tls_certificates`](#
|
|
307
|
+
A [`tls_certificates`](#certificates-5355d7) block (within [`https_management.advertise_on_sli_vip`](#https-management-advertise-on-sli-vip)) supports the following:
|
|
308
308
|
|
|
309
|
-
<a id="
|
|
309
|
+
<a id="url-6da58e"></a>• [`certificate_url`](#url-6da58e) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
310
310
|
|
|
311
|
-
<a id="
|
|
311
|
+
<a id="algorithms-df25ed"></a>• [`custom_hash_algorithms`](#algorithms-df25ed) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-df25ed) below.
|
|
312
312
|
|
|
313
|
-
<a id="
|
|
313
|
+
<a id="spec-ca69ee"></a>• [`description_spec`](#spec-ca69ee) - Optional String<br>Description. Description for the certificate
|
|
314
314
|
|
|
315
|
-
<a id="
|
|
315
|
+
<a id="stapling-2e3125"></a>• [`disable_ocsp_stapling`](#stapling-2e3125) - Optional Block<br>Enable this option
|
|
316
316
|
|
|
317
|
-
<a id="
|
|
317
|
+
<a id="key-7c0097"></a>• [`private_key`](#key-7c0097) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-7c0097) below.
|
|
318
318
|
|
|
319
|
-
<a id="
|
|
319
|
+
<a id="defaults-18ac4e"></a>• [`use_system_defaults`](#defaults-18ac4e) - Optional Block<br>Enable this option
|
|
320
320
|
|
|
321
321
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Custom Hash Algorithms
|
|
322
322
|
|
|
323
|
-
A [`custom_hash_algorithms`](#
|
|
323
|
+
A [`custom_hash_algorithms`](#algorithms-df25ed) block (within [`https_management.advertise_on_sli_vip.tls_certificates`](#certificates-5355d7)) supports the following:
|
|
324
324
|
|
|
325
|
-
<a id="
|
|
325
|
+
<a id="algorithms-083c58"></a>• [`hash_algorithms`](#algorithms-083c58) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
326
326
|
|
|
327
327
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Private Key
|
|
328
328
|
|
|
329
|
-
A [`private_key`](#
|
|
329
|
+
A [`private_key`](#key-7c0097) block (within [`https_management.advertise_on_sli_vip.tls_certificates`](#certificates-5355d7)) supports the following:
|
|
330
330
|
|
|
331
|
-
<a id="
|
|
331
|
+
<a id="info-d9df15"></a>• [`blindfold_secret_info`](#info-d9df15) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-d9df15) below.
|
|
332
332
|
|
|
333
|
-
<a id="
|
|
333
|
+
<a id="info-54e3b2"></a>• [`clear_secret_info`](#info-54e3b2) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-54e3b2) below.
|
|
334
334
|
|
|
335
335
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Private Key Blindfold Secret Info
|
|
336
336
|
|
|
337
|
-
A [`blindfold_secret_info`](#
|
|
337
|
+
A [`blindfold_secret_info`](#info-d9df15) block (within [`https_management.advertise_on_sli_vip.tls_certificates.private_key`](#key-7c0097)) supports the following:
|
|
338
338
|
|
|
339
|
-
<a id="
|
|
339
|
+
<a id="provider-5f1a70"></a>• [`decryption_provider`](#provider-5f1a70) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
340
340
|
|
|
341
|
-
<a id="
|
|
341
|
+
<a id="location-fa523c"></a>• [`location`](#location-fa523c) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
342
342
|
|
|
343
|
-
<a id="
|
|
343
|
+
<a id="provider-12c9c1"></a>• [`store_provider`](#provider-12c9c1) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
344
344
|
|
|
345
345
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Private Key Clear Secret Info
|
|
346
346
|
|
|
347
|
-
A [`clear_secret_info`](#
|
|
347
|
+
A [`clear_secret_info`](#info-54e3b2) block (within [`https_management.advertise_on_sli_vip.tls_certificates.private_key`](#key-7c0097)) supports the following:
|
|
348
348
|
|
|
349
|
-
<a id="
|
|
349
|
+
<a id="ref-98dcbd"></a>• [`provider_ref`](#ref-98dcbd) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
350
350
|
|
|
351
|
-
<a id="
|
|
351
|
+
<a id="url-ab8c1e"></a>• [`url`](#url-ab8c1e) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
352
352
|
|
|
353
353
|
#### HTTPS Management Advertise On SLI VIP TLS Config
|
|
354
354
|
|
|
355
|
-
A [`tls_config`](#
|
|
355
|
+
A [`tls_config`](#config-9f094b) block (within [`https_management.advertise_on_sli_vip`](#https-management-advertise-on-sli-vip)) supports the following:
|
|
356
356
|
|
|
357
|
-
<a id="
|
|
357
|
+
<a id="security-dfdc05"></a>• [`custom_security`](#security-dfdc05) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-dfdc05) below.
|
|
358
358
|
|
|
359
|
-
<a id="
|
|
359
|
+
<a id="security-9de532"></a>• [`default_security`](#security-9de532) - Optional Block<br>Enable this option
|
|
360
360
|
|
|
361
|
-
<a id="
|
|
361
|
+
<a id="security-69850d"></a>• [`low_security`](#security-69850d) - Optional Block<br>Enable this option
|
|
362
362
|
|
|
363
|
-
<a id="
|
|
363
|
+
<a id="security-214afa"></a>• [`medium_security`](#security-214afa) - Optional Block<br>Enable this option
|
|
364
364
|
|
|
365
365
|
#### HTTPS Management Advertise On SLI VIP TLS Config Custom Security
|
|
366
366
|
|
|
367
|
-
A [`custom_security`](#
|
|
367
|
+
A [`custom_security`](#security-dfdc05) block (within [`https_management.advertise_on_sli_vip.tls_config`](#config-9f094b)) supports the following:
|
|
368
368
|
|
|
369
|
-
<a id="
|
|
369
|
+
<a id="suites-fb1fde"></a>• [`cipher_suites`](#suites-fb1fde) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
370
370
|
|
|
371
|
-
<a id="
|
|
371
|
+
<a id="version-b07adb"></a>• [`max_version`](#version-b07adb) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
372
372
|
|
|
373
|
-
<a id="
|
|
373
|
+
<a id="version-2c0f87"></a>• [`min_version`](#version-2c0f87) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
374
374
|
|
|
375
375
|
#### HTTPS Management Advertise On SLI VIP Use mTLS
|
|
376
376
|
|
|
377
|
-
An [`use_mtls`](#
|
|
377
|
+
An [`use_mtls`](#mtls-c1dce4) block (within [`https_management.advertise_on_sli_vip`](#https-management-advertise-on-sli-vip)) supports the following:
|
|
378
378
|
|
|
379
|
-
<a id="
|
|
379
|
+
<a id="optional-68adb9"></a>• [`client_certificate_optional`](#optional-68adb9) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
380
380
|
|
|
381
|
-
<a id="
|
|
381
|
+
<a id="crl-19936d"></a>• [`crl`](#crl-19936d) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-19936d) below.
|
|
382
382
|
|
|
383
|
-
<a id="
|
|
383
|
+
<a id="crl-fac420"></a>• [`no_crl`](#crl-fac420) - Optional Block<br>Enable this option
|
|
384
384
|
|
|
385
|
-
<a id="
|
|
385
|
+
<a id="trusted-ca-b9e38a"></a>• [`trusted_ca`](#trusted-ca-b9e38a) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-b9e38a) below.
|
|
386
386
|
|
|
387
|
-
<a id="
|
|
387
|
+
<a id="url-b6ba65"></a>• [`trusted_ca_url`](#url-b6ba65) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
388
388
|
|
|
389
|
-
<a id="
|
|
389
|
+
<a id="disabled-e8c4ec"></a>• [`xfcc_disabled`](#disabled-e8c4ec) - Optional Block<br>Enable this option
|
|
390
390
|
|
|
391
|
-
<a id="
|
|
391
|
+
<a id="options-ca97b0"></a>• [`xfcc_options`](#options-ca97b0) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-ca97b0) below.
|
|
392
392
|
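Review bot: in the `crl`, `trusted_ca` and `xfcc_options` bullets, the "See [CRL](#crl-19936d) below" link targets the id declared on that same bullet (`<a id="crl-19936d"></a>`), so following it does not move the reader to the nested block section it promises. The section intro further down ("A [`crl`](#crl-19936d) block ...") links to the same bullet as well. Suggest giving each `####` block heading its own target and pointing the "See ... below" links at it, keeping the bullet id for the back-reference only.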
|
|
393
393
|
#### HTTPS Management Advertise On SLI VIP Use mTLS CRL
|
|
394
394
|
|
|
395
|
-
A [`crl`](#
|
|
395
|
+
A [`crl`](#crl-19936d) block (within [`https_management.advertise_on_sli_vip.use_mtls`](#mtls-c1dce4)) supports the following:
|
|
396
396
|
|
|
397
|
-
<a id="
|
|
397
|
+
<a id="name-fed988"></a>• [`name`](#name-fed988) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
398
398
|
|
|
399
|
-
<a id="
|
|
399
|
+
<a id="namespace-b0813f"></a>• [`namespace`](#namespace-b0813f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
400
400
|
|
|
401
|
-
<a id="
|
|
401
|
+
<a id="tenant-374a05"></a>• [`tenant`](#tenant-374a05) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
402
402
|
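Review bot: the `name`, `namespace` and `tenant` lines under this `crl` block carry the generic object-reference text with its `virtual_host`/`route` example, which says nothing about the CRL object being referenced here. All three are marked Optional, so the text also leaves open which of them must be set for the reference to resolve and what is assumed when `tenant` or `namespace` is omitted. Suggest replacing the generic example with one that names the CRL object and stating the behaviour for unset fields.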
|
|
403
403
|
#### HTTPS Management Advertise On SLI VIP Use mTLS Trusted CA
|
|
404
404
|
|
|
405
|
-
A [`trusted_ca`](#
|
|
405
|
+
A [`trusted_ca`](#trusted-ca-b9e38a) block (within [`https_management.advertise_on_sli_vip.use_mtls`](#mtls-c1dce4)) supports the following:
|
|
406
406
|
|
|
407
|
-
<a id="
|
|
407
|
+
<a id="name-1925aa"></a>• [`name`](#name-1925aa) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
408
408
|
|
|
409
|
-
<a id="
|
|
409
|
+
<a id="namespace-65c37d"></a>• [`namespace`](#namespace-65c37d) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
410
410
|
|
|
411
|
-
<a id="
|
|
411
|
+
<a id="tenant-2c045b"></a>• [`tenant`](#tenant-2c045b) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
412
412
|
|
|
413
413
|
#### HTTPS Management Advertise On SLI VIP Use mTLS Xfcc Options
|
|
414
414
|
|
|
415
|
-
A [`xfcc_options`](#
|
|
415
|
+
A [`xfcc_options`](#options-ca97b0) block (within [`https_management.advertise_on_sli_vip.use_mtls`](#mtls-c1dce4)) supports the following:
|
|
416
416
|
|
|
417
|
-
<a id="
|
|
417
|
+
<a id="elements-1f3d82"></a>• [`xfcc_header_elements`](#elements-1f3d82) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
418
418
|
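Review bot: on the `xfcc_header_elements` line, the list defaults to `XFCC_NONE` while the parent `use_mtls` block also offers `xfcc_disabled`, and nothing here says how an `xfcc_options` block left at `XFCC_NONE` differs from choosing `xfcc_disabled`. The line also does not say whether `XFCC_NONE` may be combined with other values in the list. Suggest documenting both, and noting which elements (`XFCC_CERT`, `XFCC_CHAIN`) forward the full client certificate to the origin.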
|
|
419
419
|
#### HTTPS Management Advertise On Slo Internet VIP
|
|
420
420
|
|
|
421
|
-
An [`advertise_on_slo_internet_vip`](#
|
|
421
|
+
An [`advertise_on_slo_internet_vip`](#vip-6dd6e5) block (within [`https_management`](#https-management)) supports the following:
|
|
422
422
|
|
|
423
|
-
<a id="
|
|
423
|
+
<a id="mtls-65c4ed"></a>• [`no_mtls`](#mtls-65c4ed) - Optional Block<br>Enable this option
|
|
424
424
|
|
|
425
|
-
<a id="
|
|
425
|
+
<a id="certificates-748bff"></a>• [`tls_certificates`](#certificates-748bff) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-748bff) below.
|
|
426
426
|
|
|
427
|
-
<a id="
|
|
427
|
+
<a id="config-3dcb79"></a>• [`tls_config`](#config-3dcb79) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-3dcb79) below.
|
|
428
428
|
|
|
429
|
-
<a id="
|
|
429
|
+
<a id="mtls-2fcd89"></a>• [`use_mtls`](#mtls-2fcd89) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-2fcd89) below.
|
|
430
430
|
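Review bot: on the `no_mtls` line, "Enable this option" reads as enabling something, when the field name indicates it turns client certificate validation off for this advertisement. The section lists `no_mtls` and `use_mtls` side by side as Optional Blocks without saying whether they are mutually exclusive or which behaviour applies when neither is set. Suggest describing `no_mtls` in its own words and stating the relationship and the default.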
|
|
431
431
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates
|
|
432
432
|
|
|
433
|
-
A [`tls_certificates`](#
|
|
433
|
+
A [`tls_certificates`](#certificates-748bff) block (within [`https_management.advertise_on_slo_internet_vip`](#vip-6dd6e5)) supports the following:
|
|
434
434
|
|
|
435
|
-
<a id="
|
|
435
|
+
<a id="url-538fd1"></a>• [`certificate_url`](#url-538fd1) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
436
436
|
|
|
437
|
-
<a id="
|
|
437
|
+
<a id="algorithms-396399"></a>• [`custom_hash_algorithms`](#algorithms-396399) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-396399) below.
|
|
438
438
|
|
|
439
|
-
<a id="
|
|
439
|
+
<a id="spec-319b4d"></a>• [`description_spec`](#spec-319b4d) - Optional String<br>Description. Description for the certificate
|
|
440
440
|
|
|
441
|
-
<a id="
|
|
441
|
+
<a id="stapling-26e75e"></a>• [`disable_ocsp_stapling`](#stapling-26e75e) - Optional Block<br>Enable this option
|
|
442
442
|
|
|
443
|
-
<a id="
|
|
443
|
+
<a id="key-d9eadd"></a>• [`private_key`](#key-d9eadd) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-d9eadd) below.
|
|
444
444
|
|
|
445
|
-
<a id="
|
|
445
|
+
<a id="defaults-eae44a"></a>• [`use_system_defaults`](#defaults-eae44a) - Optional Block<br>Enable this option
|
|
446
446
|
|
|
447
447
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Custom Hash Algorithms
|
|
448
448
|
|
|
449
|
-
A [`custom_hash_algorithms`](#
|
|
449
|
+
A [`custom_hash_algorithms`](#algorithms-396399) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates`](#certificates-748bff)) supports the following:
|
|
450
450
|
|
|
451
|
-
<a id="
|
|
451
|
+
<a id="algorithms-0fe11a"></a>• [`hash_algorithms`](#algorithms-0fe11a) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
452
452
|
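Review bot: on the `hash_algorithms` line, the documented default is `INVALID_HASH_ALGORITHM`, which gives the reader no usable meaning, and the text never says what these hash algorithms are applied to. `SHA1` is listed as an accepted value with no guidance next to `SHA256`. Suggest stating what the list controls, what happens when it is left at the default, and that the order of the list is a preference order if that is what "Ordered list" means.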
|
|
453
453
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Private Key
|
|
454
454
|
|
|
455
|
-
A [`private_key`](#
|
|
455
|
+
A [`private_key`](#key-d9eadd) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates`](#certificates-748bff)) supports the following:
|
|
456
456
|
|
|
457
|
-
<a id="
|
|
457
|
+
<a id="info-fb4948"></a>• [`blindfold_secret_info`](#info-fb4948) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-fb4948) below.
|
|
458
458
|
|
|
459
|
-
<a id="
|
|
459
|
+
<a id="info-7e382d"></a>• [`clear_secret_info`](#info-7e382d) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-7e382d) below.
|
|
460
460
|
|
|
461
461
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Private Key Blindfold Secret Info
|
|
462
462
|
|
|
463
|
-
A [`blindfold_secret_info`](#
|
|
463
|
+
A [`blindfold_secret_info`](#info-fb4948) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates.private_key`](#key-d9eadd)) supports the following:
|
|
464
464
|
|
|
465
|
-
<a id="
|
|
465
|
+
<a id="provider-3f630f"></a>• [`decryption_provider`](#provider-3f630f) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
466
466
|
|
|
467
|
-
<a id="
|
|
467
|
+
<a id="location-da3b9c"></a>• [`location`](#location-da3b9c) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
468
468
|
|
|
469
|
-
<a id="
|
|
469
|
+
<a id="provider-84b5f6"></a>• [`store_provider`](#provider-84b5f6) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
470
470
|
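Review bot: on the `location` line, the sentence is broken ("It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location") and does not show what a valid value looks like in either form. The `store_provider` line then refers to "the URL scheme", although the field in this block that holds the URL is `location`. Suggest rewriting `location` as two clear cases and having `store_provider` name `location` explicitly.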
|
|
471
471
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Private Key Clear Secret Info
|
|
472
472
|
|
|
473
|
-
A [`clear_secret_info`](#
|
|
473
|
+
A [`clear_secret_info`](#info-7e382d) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates.private_key`](#key-d9eadd)) supports the following:
|
|
474
474
|
|
|
475
|
-
<a id="
|
|
475
|
+
<a id="ref-218907"></a>• [`provider_ref`](#ref-218907) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
476
476
|
|
|
477
|
-
<a id="
|
|
477
|
+
<a id="url-19877d"></a>• [`url`](#url-19877d) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
478
478
|
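Review bot: on the `provider_ref` line, the description is the `store_provider` text from the Blindfold block ("the store to get encrypted bytes"), which contradicts this block's own definition as a secret "that is not encrypted". On the `url` line, "Currently supported URL schemes is string:///" should read "scheme is", and the text should say plainly that the Base64 form is an encoding of the private key, not protection for it, so the key is readable by anyone who can read the configuration. Suggest a pointer from here to `blindfold_secret_info` as the encrypted alternative.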
|
|
479
479
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Config
|
|
480
480
|
|
|
481
|
-
A [`tls_config`](#
|
|
481
|
+
A [`tls_config`](#config-3dcb79) block (within [`https_management.advertise_on_slo_internet_vip`](#vip-6dd6e5)) supports the following:
|
|
482
482
|
|
|
483
|
-
<a id="
|
|
483
|
+
<a id="security-b809cf"></a>• [`custom_security`](#security-b809cf) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-b809cf) below.
|
|
484
484
|
|
|
485
|
-
<a id="
|
|
485
|
+
<a id="security-e059f2"></a>• [`default_security`](#security-e059f2) - Optional Block<br>Enable this option
|
|
486
486
|
|
|
487
|
-
<a id="
|
|
487
|
+
<a id="security-9a6aa9"></a>• [`low_security`](#security-9a6aa9) - Optional Block<br>Enable this option
|
|
488
488
|
|
|
489
|
-
<a id="
|
|
489
|
+
<a id="security-e4549d"></a>• [`medium_security`](#security-e4549d) - Optional Block<br>Enable this option
|
|
490
490
|
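Review bot: on the `default_security`, `low_security` and `medium_security` lines, all three are documented only as "Enable this option", so the reader cannot tell which TLS versions or cipher suites each profile permits or how they differ from `custom_security`. For a field named `low_security` that is the information needed before selecting it. Suggest one sentence per profile giving its minimum TLS version and cipher policy, and a statement of which profile applies when none is set.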
|
|
491
491
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Config Custom Security
|
|
492
492
|
|
|
493
|
-
A [`custom_security`](#
|
|
493
|
+
A [`custom_security`](#security-b809cf) block (within [`https_management.advertise_on_slo_internet_vip.tls_config`](#config-3dcb79)) supports the following:
|
|
494
494
|
|
|
495
|
-
<a id="
|
|
495
|
+
<a id="suites-8ab58a"></a>• [`cipher_suites`](#suites-8ab58a) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
496
496
|
|
|
497
|
-
<a id="
|
|
497
|
+
<a id="version-fe0ab6"></a>• [`max_version`](#version-fe0ab6) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
498
498
|
|
|
499
|
-
<a id="
|
|
499
|
+
<a id="version-c193af"></a>• [`min_version`](#version-c193af) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
500
500
|
|
|
501
501
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS
|
|
502
502
|
|
|
503
|
-
An [`use_mtls`](#
|
|
503
|
+
An [`use_mtls`](#mtls-2fcd89) block (within [`https_management.advertise_on_slo_internet_vip`](#vip-6dd6e5)) supports the following:
|
|
504
504
|
|
|
505
|
-
<a id="
|
|
505
|
+
<a id="optional-bb69f8"></a>• [`client_certificate_optional`](#optional-bb69f8) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
506
506
|
|
|
507
|
-
<a id="
|
|
507
|
+
<a id="crl-d07bf8"></a>• [`crl`](#crl-d07bf8) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-d07bf8) below.
|
|
508
508
|
|
|
509
|
-
<a id="
|
|
509
|
+
<a id="crl-aeab3f"></a>• [`no_crl`](#crl-aeab3f) - Optional Block<br>Enable this option
|
|
510
510
|
|
|
511
|
-
<a id="
|
|
511
|
+
<a id="trusted-ca-046a20"></a>• [`trusted_ca`](#trusted-ca-046a20) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-046a20) below.
|
|
512
512
|
|
|
513
|
-
<a id="
|
|
513
|
+
<a id="url-248df7"></a>• [`trusted_ca_url`](#url-248df7) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
514
514
|
|
|
515
|
-
<a id="
|
|
515
|
+
<a id="disabled-369402"></a>• [`xfcc_disabled`](#disabled-369402) - Optional Block<br>Enable this option
|
|
516
516
|
|
|
517
|
-
<a id="
|
|
517
|
+
<a id="options-683773"></a>• [`xfcc_options`](#options-683773) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-683773) below.
|
|
518
518
|
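Review bot: on the `trusted_ca` and `trusted_ca_url` lines, the second is marked "(legacy)" but nothing says which one takes effect if both are set or whether they can be set together. On the `client_certificate_optional` line, "If certification verification fails" should read "certificate verification", and the Bool has no documented default even though setting it means connections without a client certificate are accepted. Suggest adding the precedence rule and the default value.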
|
|
519
519
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS CRL
|
|
520
520
|
|
|
521
|
-
A [`crl`](#
|
|
521
|
+
A [`crl`](#crl-d07bf8) block (within [`https_management.advertise_on_slo_internet_vip.use_mtls`](#mtls-2fcd89)) supports the following:
|
|
522
522
|
|
|
523
|
-
<a id="
|
|
523
|
+
<a id="name-7fe25b"></a>• [`name`](#name-7fe25b) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
524
524
|
|
|
525
|
-
<a id="
|
|
525
|
+
<a id="namespace-a1ad51"></a>• [`namespace`](#namespace-a1ad51) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
526
526
|
|
|
527
|
-
<a id="
|
|
527
|
+
<a id="tenant-3af425"></a>• [`tenant`](#tenant-3af425) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
528
528
|
|
|
529
529
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS Trusted CA
|
|
530
530
|
|
|
531
|
-
A [`trusted_ca`](#
|
|
531
|
+
A [`trusted_ca`](#trusted-ca-046a20) block (within [`https_management.advertise_on_slo_internet_vip.use_mtls`](#mtls-2fcd89)) supports the following:
|
|
532
532
|
|
|
533
|
-
<a id="
|
|
533
|
+
<a id="name-f0c02e"></a>• [`name`](#name-f0c02e) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
534
534
|
|
|
535
|
-
<a id="
|
|
535
|
+
<a id="namespace-571413"></a>• [`namespace`](#namespace-571413) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
536
536
|
|
|
537
|
-
<a id="
|
|
537
|
+
<a id="tenant-b6f682"></a>• [`tenant`](#tenant-b6f682) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
538
538
|
|
|
539
539
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS Xfcc Options
|
|
540
540
|
|
|
541
|
-
A [`xfcc_options`](#
|
|
541
|
+
A [`xfcc_options`](#options-683773) block (within [`https_management.advertise_on_slo_internet_vip.use_mtls`](#mtls-2fcd89)) supports the following:
|
|
542
542
|
|
|
543
|
-
<a id="
|
|
543
|
+
<a id="elements-37d5da"></a>• [`xfcc_header_elements`](#elements-37d5da) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
544
544
|
|
|
545
545
|
#### HTTPS Management Advertise On Slo SLI
|
|
546
546
|
|
|
547
547
|
An [`advertise_on_slo_sli`](#https-management-advertise-on-slo-sli) block (within [`https_management`](#https-management)) supports the following:
|
|
548
548
|
|
|
549
|
-
<a id="
|
|
549
|
+
<a id="mtls-e2f684"></a>• [`no_mtls`](#mtls-e2f684) - Optional Block<br>Enable this option
|
|
550
550
|
|
|
551
|
-
<a id="
|
|
551
|
+
<a id="certificates-b923c1"></a>• [`tls_certificates`](#certificates-b923c1) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-b923c1) below.
|
|
552
552
|
|
|
553
|
-
<a id="
|
|
553
|
+
<a id="config-2cd93f"></a>• [`tls_config`](#config-2cd93f) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-2cd93f) below.
|
|
554
554
|
|
|
555
|
-
<a id="
|
|
555
|
+
<a id="mtls-b8036a"></a>• [`use_mtls`](#mtls-b8036a) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-b8036a) below.
|
|
556
556
|
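Review bot: in this section the unchanged intro line still links with a path-style anchor (`#https-management-advertise-on-slo-sli`), while the changed bullets use short hash-suffixed ids such as `mtls-e2f684` and `mtls-b8036a` for `no_mtls` and `use_mtls`. The two schemes are mixed within one block, and the new ids for different fields differ only in the hash, so a link cannot be read or reviewed by eye. Suggest one scheme for the whole file, and if hashed ids stay, keeping the full field name in the prefix (for example `no-mtls-...` and `use-mtls-...`).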
|
|
557
557
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates
|
|
558
558
|
|
|
559
|
-
A [`tls_certificates`](#
|
|
559
|
+
A [`tls_certificates`](#certificates-b923c1) block (within [`https_management.advertise_on_slo_sli`](#https-management-advertise-on-slo-sli)) supports the following:
|
|
560
560
|
|
|
561
|
-
<a id="
|
|
561
|
+
<a id="url-599a7a"></a>• [`certificate_url`](#url-599a7a) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
562
562
|
|
|
563
|
-
<a id="
|
|
563
|
+
<a id="algorithms-54e57d"></a>• [`custom_hash_algorithms`](#algorithms-54e57d) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-54e57d) below.
|
|
564
564
|
|
|
565
|
-
<a id="
|
|
565
|
+
<a id="spec-674aab"></a>• [`description_spec`](#spec-674aab) - Optional String<br>Description. Description for the certificate
|
|
566
566
|
|
|
567
|
-
<a id="
|
|
567
|
+
<a id="stapling-2445e8"></a>• [`disable_ocsp_stapling`](#stapling-2445e8) - Optional Block<br>Enable this option
|
|
568
568
|
|
|
569
|
-
<a id="
|
|
569
|
+
<a id="key-f51e15"></a>• [`private_key`](#key-f51e15) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-f51e15) below.
|
|
570
570
|
|
|
571
|
-
<a id="
|
|
571
|
+
<a id="defaults-bb55aa"></a>• [`use_system_defaults`](#defaults-bb55aa) - Optional Block<br>Enable this option
|
|
572
572
|
|
|
573
573
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Custom Hash Algorithms
|
|
574
574
|
|
|
575
|
-
A [`custom_hash_algorithms`](#
|
|
575
|
+
A [`custom_hash_algorithms`](#algorithms-54e57d) block (within [`https_management.advertise_on_slo_sli.tls_certificates`](#certificates-b923c1)) supports the following:
|
|
576
576
|
|
|
577
|
-
<a id="
|
|
577
|
+
<a id="algorithms-c29f03"></a>• [`hash_algorithms`](#algorithms-c29f03) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
578
578
|
|
|
579
579
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Private Key
|
|
580
580
|
|
|
581
|
-
A [`private_key`](#
|
|
581
|
+
A [`private_key`](#key-f51e15) block (within [`https_management.advertise_on_slo_sli.tls_certificates`](#certificates-b923c1)) supports the following:
|
|
582
582
|
|
|
583
|
-
<a id="
|
|
583
|
+
<a id="info-4c3e9e"></a>• [`blindfold_secret_info`](#info-4c3e9e) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-4c3e9e) below.
|
|
584
584
|
|
|
585
|
-
<a id="
|
|
585
|
+
<a id="info-0591f3"></a>• [`clear_secret_info`](#info-0591f3) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-0591f3) below.
|
|
586
586
|
|
|
587
587
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Private Key Blindfold Secret Info
|
|
588
588
|
|
|
589
|
-
A [`blindfold_secret_info`](#
|
|
589
|
+
A [`blindfold_secret_info`](#info-4c3e9e) block (within [`https_management.advertise_on_slo_sli.tls_certificates.private_key`](#key-f51e15)) supports the following:
|
|
590
590
|
|
|
591
|
-
<a id="
|
|
591
|
+
<a id="provider-77378b"></a>• [`decryption_provider`](#provider-77378b) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
592
592
|
|
|
593
|
-
<a id="
|
|
593
|
+
<a id="location-6e8882"></a>• [`location`](#location-6e8882) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
594
594
|
|
|
595
|
-
<a id="
|
|
595
|
+
<a id="provider-23e4a9"></a>• [`store_provider`](#provider-23e4a9) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
596
596
|
|
|
597
597
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Private Key Clear Secret Info
|
|
598
598
|
|
|
599
|
-
A [`clear_secret_info`](#
|
|
599
|
+
A [`clear_secret_info`](#info-0591f3) block (within [`https_management.advertise_on_slo_sli.tls_certificates.private_key`](#key-f51e15)) supports the following:
|
|
600
600
|
|
|
601
|
-
<a id="
|
|
601
|
+
<a id="ref-2692e5"></a>• [`provider_ref`](#ref-2692e5) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
602
602
|
|
|
603
|
-
<a id="
|
|
603
|
+
<a id="url-9ede10"></a>• [`url`](#url-9ede10) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
604
604
|
|
|
605
605
|
#### HTTPS Management Advertise On Slo SLI TLS Config
|
|
606
606
|
|
|
607
|
-
A [`tls_config`](#
|
|
607
|
+
A [`tls_config`](#config-2cd93f) block (within [`https_management.advertise_on_slo_sli`](#https-management-advertise-on-slo-sli)) supports the following:
|
|
608
608
|
|
|
609
|
-
<a id="
|
|
609
|
+
<a id="security-57cb09"></a>• [`custom_security`](#security-57cb09) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-57cb09) below.
|
|
610
610
|
|
|
611
|
-
<a id="
|
|
611
|
+
<a id="security-66b767"></a>• [`default_security`](#security-66b767) - Optional Block<br>Enable this option
|
|
612
612
|
|
|
613
|
-
<a id="
|
|
613
|
+
<a id="security-bc0213"></a>• [`low_security`](#security-bc0213) - Optional Block<br>Enable this option
|
|
614
614
|
|
|
615
|
-
<a id="
|
|
615
|
+
<a id="security-23b628"></a>• [`medium_security`](#security-23b628) - Optional Block<br>Enable this option
|
|
616
616
|
|
|
617
617
|
#### HTTPS Management Advertise On Slo SLI TLS Config Custom Security
|
|
618
618
|
|
|
619
|
-
A [`custom_security`](#
|
|
619
|
+
A [`custom_security`](#security-57cb09) block (within [`https_management.advertise_on_slo_sli.tls_config`](#config-2cd93f)) supports the following:
|
|
620
620
|
|
|
621
|
-
<a id="
|
|
621
|
+
<a id="suites-17c459"></a>• [`cipher_suites`](#suites-17c459) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
622
622
|
|
|
623
|
-
<a id="
|
|
623
|
+
<a id="version-941401"></a>• [`max_version`](#version-941401) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
624
624
|
|
|
625
|
-
<a id="
|
|
625
|
+
<a id="version-cc08f5"></a>• [`min_version`](#version-cc08f5) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
626
626
|
|
|
627
627
|
#### HTTPS Management Advertise On Slo SLI Use mTLS
|
|
628
628
|
|
|
629
|
-
An [`use_mtls`](#
|
|
629
|
+
An [`use_mtls`](#mtls-b8036a) block (within [`https_management.advertise_on_slo_sli`](#https-management-advertise-on-slo-sli)) supports the following:
|
|
630
630
|
|
|
631
|
-
<a id="
|
|
631
|
+
<a id="optional-c1d942"></a>• [`client_certificate_optional`](#optional-c1d942) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
632
632
|
|
|
633
|
-
<a id="
|
|
633
|
+
<a id="crl-341796"></a>• [`crl`](#crl-341796) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-341796) below.
|
|
634
634
|
|
|
635
|
-
<a id="
|
|
635
|
+
<a id="crl-438487"></a>• [`no_crl`](#crl-438487) - Optional Block<br>Enable this option
|
|
636
636
|
|
|
637
|
-
<a id="
|
|
637
|
+
<a id="trusted-ca-baa118"></a>• [`trusted_ca`](#trusted-ca-baa118) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-baa118) below.
|
|
638
638
|
|
|
639
|
-
<a id="
|
|
639
|
+
<a id="url-379c50"></a>• [`trusted_ca_url`](#url-379c50) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
640
640
|
|
|
641
|
-
<a id="
|
|
641
|
+
<a id="disabled-d3e7d3"></a>• [`xfcc_disabled`](#disabled-d3e7d3) - Optional Block<br>Enable this option
|
|
642
642
|
|
|
643
|
-
<a id="
|
|
643
|
+
<a id="options-375329"></a>• [`xfcc_options`](#options-375329) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-375329) below.
|
|
644
644
|
|
|
645
645
|
#### HTTPS Management Advertise On Slo SLI Use mTLS CRL
|
|
646
646
|
|
|
647
|
-
A [`crl`](#
|
|
647
|
+
A [`crl`](#crl-341796) block (within [`https_management.advertise_on_slo_sli.use_mtls`](#mtls-b8036a)) supports the following:
|
|
648
648
|
|
|
649
|
-
<a id="
|
|
649
|
+
<a id="name-58addb"></a>• [`name`](#name-58addb) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
650
650
|
|
|
651
|
-
<a id="
|
|
651
|
+
<a id="namespace-cc6b41"></a>• [`namespace`](#namespace-cc6b41) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
652
652
|
|
|
653
|
-
<a id="
|
|
653
|
+
<a id="tenant-9a7435"></a>• [`tenant`](#tenant-9a7435) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
654
654
|
|
|
655
655
|
#### HTTPS Management Advertise On Slo SLI Use mTLS Trusted CA
|
|
656
656
|
|
|
657
|
-
A [`trusted_ca`](#
|
|
657
|
+
A [`trusted_ca`](#trusted-ca-baa118) block (within [`https_management.advertise_on_slo_sli.use_mtls`](#mtls-b8036a)) supports the following:
|
|
658
658
|
|
|
659
|
-
<a id="
|
|
659
|
+
<a id="name-db371b"></a>• [`name`](#name-db371b) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
660
660
|
|
|
661
|
-
<a id="
|
|
661
|
+
<a id="namespace-57369f"></a>• [`namespace`](#namespace-57369f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
662
662
|
|
|
663
|
-
<a id="
|
|
663
|
+
<a id="tenant-e6475c"></a>• [`tenant`](#tenant-e6475c) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
664
664
|
|
|
665
665
|
#### HTTPS Management Advertise On Slo SLI Use mTLS Xfcc Options
|
|
666
666
|
|
|
667
|
-
A [`xfcc_options`](#
|
|
667
|
+
A [`xfcc_options`](#options-375329) block (within [`https_management.advertise_on_slo_sli.use_mtls`](#mtls-b8036a)) supports the following:
|
|
668
668
|
|
|
669
|
-
<a id="
|
|
669
|
+
<a id="elements-c28be3"></a>• [`xfcc_header_elements`](#elements-c28be3) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
670
670
|
|
|
671
671
|
#### HTTPS Management Advertise On Slo VIP
|
|
672
672
|
|
|
673
673
|
An [`advertise_on_slo_vip`](#https-management-advertise-on-slo-vip) block (within [`https_management`](#https-management)) supports the following:
|
|
674
674
|
|
|
675
|
-
<a id="
|
|
675
|
+
<a id="mtls-476751"></a>• [`no_mtls`](#mtls-476751) - Optional Block<br>Enable this option
|
|
676
676
|
|
|
677
|
-
<a id="
|
|
677
|
+
<a id="certificates-49cf23"></a>• [`tls_certificates`](#certificates-49cf23) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-49cf23) below.
|
|
678
678
|
|
|
679
|
-
<a id="
|
|
679
|
+
<a id="config-eb7c38"></a>• [`tls_config`](#config-eb7c38) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-eb7c38) below.
|
|
680
680
|
|
|
681
|
-
<a id="
|
|
681
|
+
<a id="mtls-85e7e5"></a>• [`use_mtls`](#mtls-85e7e5) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-85e7e5) below.
|
|
682
682
|
|
|
683
683
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates
|
|
684
684
|
|
|
685
|
-
A [`tls_certificates`](#
|
|
685
|
+
A [`tls_certificates`](#certificates-49cf23) block (within [`https_management.advertise_on_slo_vip`](#https-management-advertise-on-slo-vip)) supports the following:
|
|
686
686
|
|
|
687
|
-
<a id="
|
|
687
|
+
<a id="url-ba483c"></a>• [`certificate_url`](#url-ba483c) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
688
688
|
|
|
689
|
-
<a id="
|
|
689
|
+
<a id="algorithms-e4042d"></a>• [`custom_hash_algorithms`](#algorithms-e4042d) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-e4042d) below.
|
|
690
690
|
|
|
691
|
-
<a id="
|
|
691
|
+
<a id="spec-8a3b62"></a>• [`description_spec`](#spec-8a3b62) - Optional String<br>Description. Description for the certificate
|
|
692
692
|
|
|
693
|
-
<a id="
|
|
693
|
+
<a id="stapling-ba3445"></a>• [`disable_ocsp_stapling`](#stapling-ba3445) - Optional Block<br>Enable this option
|
|
694
694
|
|
|
695
|
-
<a id="
|
|
695
|
+
<a id="key-5c1b57"></a>• [`private_key`](#key-5c1b57) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-5c1b57) below.
|
|
696
696
|
|
|
697
|
-
<a id="
|
|
697
|
+
<a id="defaults-81b355"></a>• [`use_system_defaults`](#defaults-81b355) - Optional Block<br>Enable this option
|
|
698
698
|
|
|
699
699
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Custom Hash Algorithms
|
|
700
700
|
|
|
701
|
-
A [`custom_hash_algorithms`](#
|
|
701
|
+
A [`custom_hash_algorithms`](#algorithms-e4042d) block (within [`https_management.advertise_on_slo_vip.tls_certificates`](#certificates-49cf23)) supports the following:
|
|
702
702
|
|
|
703
|
-
<a id="
|
|
703
|
+
<a id="algorithms-ba763b"></a>• [`hash_algorithms`](#algorithms-ba763b) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
704
704
|
|
|
705
705
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Private Key
|
|
706
706
|
|
|
707
|
-
A [`private_key`](#
|
|
707
|
+
A [`private_key`](#key-5c1b57) block (within [`https_management.advertise_on_slo_vip.tls_certificates`](#certificates-49cf23)) supports the following:
|
|
708
708
|
|
|
709
|
-
<a id="
|
|
709
|
+
<a id="info-2120cd"></a>• [`blindfold_secret_info`](#info-2120cd) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-2120cd) below.
|
|
710
710
|
|
|
711
|
-
<a id="
|
|
711
|
+
<a id="info-915c8d"></a>• [`clear_secret_info`](#info-915c8d) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-915c8d) below.
|
|
712
712
|
|
|
713
713
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Private Key Blindfold Secret Info
|
|
714
714
|
|
|
715
|
-
A [`blindfold_secret_info`](#
|
|
715
|
+
A [`blindfold_secret_info`](#info-2120cd) block (within [`https_management.advertise_on_slo_vip.tls_certificates.private_key`](#key-5c1b57)) supports the following:
|
|
716
716
|
|
|
717
|
-
<a id="
|
|
717
|
+
<a id="provider-51ffab"></a>• [`decryption_provider`](#provider-51ffab) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
718
718
|
|
|
719
|
-
<a id="
|
|
719
|
+
<a id="location-d426d5"></a>• [`location`](#location-d426d5) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
720
720
|
|
|
721
|
-
<a id="
|
|
721
|
+
<a id="provider-080ee2"></a>• [`store_provider`](#provider-080ee2) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
722
722
|
|
|
723
723
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Private Key Clear Secret Info
|
|
724
724
|
|
|
725
|
-
A [`clear_secret_info`](#
|
|
725
|
+
A [`clear_secret_info`](#info-915c8d) block (within [`https_management.advertise_on_slo_vip.tls_certificates.private_key`](#key-5c1b57)) supports the following:
|
|
726
726
|
|
|
727
|
-
<a id="
|
|
727
|
+
<a id="ref-e449ae"></a>• [`provider_ref`](#ref-e449ae) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
728
728
|
|
|
729
|
-
<a id="
|
|
729
|
+
<a id="url-a017e0"></a>• [`url`](#url-a017e0) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
730
730
|
|
|
731
731
|
#### HTTPS Management Advertise On Slo VIP TLS Config
|
|
732
732
|
|
|
733
|
-
A [`tls_config`](#
|
|
733
|
+
A [`tls_config`](#config-eb7c38) block (within [`https_management.advertise_on_slo_vip`](#https-management-advertise-on-slo-vip)) supports the following:
|
|
734
734
|
|
|
735
|
-
<a id="
|
|
735
|
+
<a id="security-0bffe9"></a>• [`custom_security`](#security-0bffe9) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-0bffe9) below.
|
|
736
736
|
|
|
737
|
-
<a id="
|
|
737
|
+
<a id="security-37fb06"></a>• [`default_security`](#security-37fb06) - Optional Block<br>Enable this option
|
|
738
738
|
|
|
739
|
-
<a id="
|
|
739
|
+
<a id="security-9296e2"></a>• [`low_security`](#security-9296e2) - Optional Block<br>Enable this option
|
|
740
740
|
|
|
741
|
-
<a id="
|
|
741
|
+
<a id="security-cfb564"></a>• [`medium_security`](#security-cfb564) - Optional Block<br>Enable this option
|
|
742
742
|
|
|
743
743
|
#### HTTPS Management Advertise On Slo VIP TLS Config Custom Security
|
|
744
744
|
|
|
745
|
-
A [`custom_security`](#
|
|
745
|
+
A [`custom_security`](#security-0bffe9) block (within [`https_management.advertise_on_slo_vip.tls_config`](#config-eb7c38)) supports the following:
|
|
746
746
|
|
|
747
|
-
<a id="
|
|
747
|
+
<a id="suites-f86936"></a>• [`cipher_suites`](#suites-f86936) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
748
748
|
|
|
749
|
-
<a id="
|
|
749
|
+
<a id="version-b8932f"></a>• [`max_version`](#version-b8932f) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
750
750
|
|
|
751
|
-
<a id="
|
|
751
|
+
<a id="version-84a755"></a>• [`min_version`](#version-84a755) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
752
752
|
|
|
753
753
|
#### HTTPS Management Advertise On Slo VIP Use mTLS
|
|
754
754
|
|
|
755
|
-
An [`use_mtls`](#
|
|
755
|
+
An [`use_mtls`](#mtls-85e7e5) block (within [`https_management.advertise_on_slo_vip`](#https-management-advertise-on-slo-vip)) supports the following:
|
|
756
756
|
|
|
757
|
-
<a id="
|
|
757
|
+
<a id="optional-ceba52"></a>• [`client_certificate_optional`](#optional-ceba52) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
758
758
|
|
|
759
|
-
<a id="
|
|
759
|
+
<a id="crl-35cfce"></a>• [`crl`](#crl-35cfce) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-35cfce) below.
|
|
760
760
|
|
|
761
|
-
<a id="
|
|
761
|
+
<a id="crl-80dcbd"></a>• [`no_crl`](#crl-80dcbd) - Optional Block<br>Enable this option
|
|
762
762
|
|
|
763
|
-
<a id="
|
|
763
|
+
<a id="trusted-ca-eefedc"></a>• [`trusted_ca`](#trusted-ca-eefedc) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-eefedc) below.
|
|
764
764
|
|
|
765
|
-
<a id="
|
|
765
|
+
<a id="url-478a70"></a>• [`trusted_ca_url`](#url-478a70) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
766
766
|
|
|
767
|
-
<a id="
|
|
767
|
+
<a id="disabled-2827c4"></a>• [`xfcc_disabled`](#disabled-2827c4) - Optional Block<br>Enable this option
|
|
768
768
|
|
|
769
|
-
<a id="
|
|
769
|
+
<a id="options-564de6"></a>• [`xfcc_options`](#options-564de6) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-564de6) below.
|
|
770
770
|
|
|
771
771
|
#### HTTPS Management Advertise On Slo VIP Use mTLS CRL
|
|
772
772
|
|
|
773
|
-
A [`crl`](#
|
|
773
|
+
A [`crl`](#crl-35cfce) block (within [`https_management.advertise_on_slo_vip.use_mtls`](#mtls-85e7e5)) supports the following:
|
|
774
774
|
|
|
775
|
-
<a id="
|
|
775
|
+
<a id="name-9593de"></a>• [`name`](#name-9593de) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
776
776
|
|
|
777
|
-
<a id="
|
|
777
|
+
<a id="namespace-dd54d0"></a>• [`namespace`](#namespace-dd54d0) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
778
778
|
|
|
779
|
-
<a id="
|
|
779
|
+
<a id="tenant-d019a6"></a>• [`tenant`](#tenant-d019a6) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
780
780
|
|
|
781
781
|
#### HTTPS Management Advertise On Slo VIP Use mTLS Trusted CA
|
|
782
782
|
|
|
783
|
-
A [`trusted_ca`](#
|
|
783
|
+
A [`trusted_ca`](#trusted-ca-eefedc) block (within [`https_management.advertise_on_slo_vip.use_mtls`](#mtls-85e7e5)) supports the following:
|
|
784
784
|
|
|
785
|
-
<a id="
|
|
785
|
+
<a id="name-eea57c"></a>• [`name`](#name-eea57c) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
786
786
|
|
|
787
|
-
<a id="
|
|
787
|
+
<a id="namespace-121754"></a>• [`namespace`](#namespace-121754) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
788
788
|
|
|
789
|
-
<a id="
|
|
789
|
+
<a id="tenant-7e45d7"></a>• [`tenant`](#tenant-7e45d7) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
790
790
|
|
|
791
791
|
#### HTTPS Management Advertise On Slo VIP Use mTLS Xfcc Options
|
|
792
792
|
|
|
793
|
-
A [`xfcc_options`](#
|
|
793
|
+
A [`xfcc_options`](#options-564de6) block (within [`https_management.advertise_on_slo_vip.use_mtls`](#mtls-85e7e5)) supports the following:
|
|
794
794
|
|
|
795
|
-
<a id="
|
|
795
|
+
<a id="elements-b77b32"></a>• [`xfcc_header_elements`](#elements-b77b32) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
796
796
|
|
|
797
797
|
#### Palo Alto Fw Service
|
|
798
798
|
|
|
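Review bot: several security-relevant toggles in the `advertise_on_slo_vip` attribute lists are documented only as "Enable this option" (`no_mtls`, `disable_ocsp_stapling`, `no_crl`, `xfcc_disabled`, `default_security`, `medium_security`, `low_security`), so these lines do not tell a reader what each one turns on or off. Since the lines are being regenerated anyway, give each a one-sentence effect: what `no_crl` and `disable_ocsp_stapling` switch off, and which protocol and cipher set `low_security` selects compared with `default_security`. The same gap applies to `hash_algorithms`, which lists `SHA1` and defaults to `INVALID_HASH_ALGORITHM` with no guidance, and to `min_version`, which accepts `TLSv1_0` and `TLSv1_1` without comment; a note on the recommended values would help.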
@@ -824,71 +824,71 @@ A [`palo_alto_fw_service`](#palo-alto-fw-service) block supports the following:
|
|
|
824
824
|
|
|
825
825
|
An [`auto_setup`](#palo-alto-fw-service-auto-setup) block (within [`palo_alto_fw_service`](#palo-alto-fw-service)) supports the following:
|
|
826
826
|
|
|
827
|
-
<a id="
|
|
827
|
+
<a id="password-aba55b"></a>• [`admin_password`](#password-aba55b) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Admin Password](#password-aba55b) below.
|
|
828
828
|
|
|
829
|
-
<a id="
|
|
829
|
+
<a id="username-441b03"></a>• [`admin_username`](#username-441b03) - Optional String<br>Firewall Admin Username. Firewall Admin Username
|
|
830
830
|
|
|
831
|
-
<a id="
|
|
831
|
+
<a id="keys-dcb1f4"></a>• [`manual_ssh_keys`](#keys-dcb1f4) - Optional Block<br>SSH key. SSH Key includes both public and private key<br>See [Manual SSH Keys](#keys-dcb1f4) below.
|
|
832
832
|
|
|
833
833
|
#### Palo Alto Fw Service Auto Setup Admin Password
|
|
834
834
|
|
|
835
|
-
An [`admin_password`](#
|
|
835
|
+
An [`admin_password`](#password-aba55b) block (within [`palo_alto_fw_service.auto_setup`](#palo-alto-fw-service-auto-setup)) supports the following:
|
|
836
836
|
|
|
837
|
-
<a id="
|
|
837
|
+
<a id="info-42765a"></a>• [`blindfold_secret_info`](#info-42765a) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-42765a) below.
|
|
838
838
|
|
|
839
|
-
<a id="
|
|
839
|
+
<a id="info-6f6642"></a>• [`clear_secret_info`](#info-6f6642) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-6f6642) below.
|
|
840
840
|
|
|
841
841
|
#### Palo Alto Fw Service Auto Setup Admin Password Blindfold Secret Info
|
|
842
842
|
|
|
843
|
-
A [`blindfold_secret_info`](#
|
|
843
|
+
A [`blindfold_secret_info`](#info-42765a) block (within [`palo_alto_fw_service.auto_setup.admin_password`](#password-aba55b)) supports the following:
|
|
844
844
|
|
|
845
|
-
<a id="
|
|
845
|
+
<a id="provider-be80f2"></a>• [`decryption_provider`](#provider-be80f2) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
846
846
|
|
|
847
|
-
<a id="
|
|
847
|
+
<a id="location-14c132"></a>• [`location`](#location-14c132) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
848
848
|
|
|
849
|
-
<a id="
|
|
849
|
+
<a id="provider-91ebb8"></a>• [`store_provider`](#provider-91ebb8) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
850
850
|
|
|
851
851
|
#### Palo Alto Fw Service Auto Setup Admin Password Clear Secret Info
|
|
852
852
|
|
|
853
|
-
A [`clear_secret_info`](#
|
|
853
|
+
A [`clear_secret_info`](#info-6f6642) block (within [`palo_alto_fw_service.auto_setup.admin_password`](#password-aba55b)) supports the following:
|
|
854
854
|
|
|
855
|
-
<a id="
|
|
855
|
+
<a id="ref-33e07f"></a>• [`provider_ref`](#ref-33e07f) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
856
856
|
|
|
857
|
-
<a id="
|
|
857
|
+
<a id="url-6fa130"></a>• [`url`](#url-6fa130) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
858
858
|
|
|
859
859
|
#### Palo Alto Fw Service Auto Setup Manual SSH Keys
|
|
860
860
|
|
|
861
|
-
A [`manual_ssh_keys`](#
|
|
861
|
+
A [`manual_ssh_keys`](#keys-dcb1f4) block (within [`palo_alto_fw_service.auto_setup`](#palo-alto-fw-service-auto-setup)) supports the following:
|
|
862
862
|
|
|
863
|
-
<a id="
|
|
863
|
+
<a id="key-ab4e3d"></a>• [`private_key`](#key-ab4e3d) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-ab4e3d) below.
|
|
864
864
|
|
|
865
|
-
<a id="
|
|
865
|
+
<a id="key-e96ae4"></a>• [`public_key`](#key-e96ae4) - Optional String<br>Public SSH key. Authorized Public SSH key which will be programmed on the node
|
|
866
866
|
|
|
867
867
|
#### Palo Alto Fw Service Auto Setup Manual SSH Keys Private Key
|
|
868
868
|
|
|
869
|
-
A [`private_key`](#
|
|
869
|
+
A [`private_key`](#key-ab4e3d) block (within [`palo_alto_fw_service.auto_setup.manual_ssh_keys`](#keys-dcb1f4)) supports the following:
|
|
870
870
|
|
|
871
|
-
<a id="
|
|
871
|
+
<a id="info-5da35d"></a>• [`blindfold_secret_info`](#info-5da35d) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-5da35d) below.
|
|
872
872
|
|
|
873
|
-
<a id="
|
|
873
|
+
<a id="info-34ed95"></a>• [`clear_secret_info`](#info-34ed95) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-34ed95) below.
|
|
874
874
|
|
|
875
875
|
#### Palo Alto Fw Service Auto Setup Manual SSH Keys Private Key Blindfold Secret Info
|
|
876
876
|
|
|
877
|
-
A [`blindfold_secret_info`](#
|
|
877
|
+
A [`blindfold_secret_info`](#info-5da35d) block (within [`palo_alto_fw_service.auto_setup.manual_ssh_keys.private_key`](#key-ab4e3d)) supports the following:
|
|
878
878
|
|
|
879
|
-
<a id="
|
|
879
|
+
<a id="provider-18987c"></a>• [`decryption_provider`](#provider-18987c) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
880
880
|
|
|
881
|
-
<a id="
|
|
881
|
+
<a id="location-882c7e"></a>• [`location`](#location-882c7e) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
882
882
|
|
|
883
|
-
<a id="
|
|
883
|
+
<a id="provider-e1294e"></a>• [`store_provider`](#provider-e1294e) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
884
884
|
|
|
885
885
|
#### Palo Alto Fw Service Auto Setup Manual SSH Keys Private Key Clear Secret Info
|
|
886
886
|
|
|
887
|
-
A [`clear_secret_info`](#
|
|
887
|
+
A [`clear_secret_info`](#info-34ed95) block (within [`palo_alto_fw_service.auto_setup.manual_ssh_keys.private_key`](#key-ab4e3d)) supports the following:
|
|
888
888
|
|
|
889
|
-
<a id="
|
|
889
|
+
<a id="ref-b0dddb"></a>• [`provider_ref`](#ref-b0dddb) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
890
890
|
|
|
891
|
-
<a id="
|
|
891
|
+
<a id="url-341486"></a>• [`url`](#url-341486) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
892
892
|
|
|
893
893
|
#### Palo Alto Fw Service AWS TGW Site
|
|
894
894
|
|
|
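Review bot: the `clear_secret_info` entries under `admin_password` and `manual_ssh_keys.private_key` describe `url` as a `string:///` value holding the Base64-encoded secret, but nothing on these lines says that Base64 is only an encoding, so the firewall admin password or SSH private key is readable by anyone who can read the configuration. Suggest stating that in the `url` description and pointing to `blindfold_secret_info`, the alternative offered in the same block. Minor wording points: "Currently supported URL schemes is" should read "The only supported URL scheme is", `provider_ref` refers to "encrypted bytes" inside a block described as "not encrypted", and `admin_username` repeats its label as its description ("Firewall Admin Username. Firewall Admin Username").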
@@ -896,79 +896,79 @@ An [`aws_tgw_site`](#palo-alto-fw-service-aws-tgw-site) block (within [`palo_alt
|
|
|
896
896
|
|
|
897
897
|
<a id="palo-alto-fw-service-aws-tgw-site-name"></a>• [`name`](#palo-alto-fw-service-aws-tgw-site-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
898
898
|
|
|
899
|
-
<a id="
|
|
899
|
+
<a id="namespace-4bee71"></a>• [`namespace`](#namespace-4bee71) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
900
900
|
|
|
901
|
-
<a id="
|
|
901
|
+
<a id="tenant-f4683d"></a>• [`tenant`](#tenant-f4683d) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
902
902
|
|
|
903
903
|
#### Palo Alto Fw Service Panorama Server
|
|
904
904
|
|
|
905
905
|
A [`panorama_server`](#palo-alto-fw-service-panorama-server) block (within [`palo_alto_fw_service`](#palo-alto-fw-service)) supports the following:
|
|
906
906
|
|
|
907
|
-
<a id="
|
|
907
|
+
<a id="key-d798d1"></a>• [`authorization_key`](#key-d798d1) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Authorization Key](#key-d798d1) below.
|
|
908
908
|
|
|
909
|
-
<a id="
|
|
909
|
+
<a id="name-9cae98"></a>• [`device_group_name`](#name-9cae98) - Optional String<br>Device Group Name. Device Group Name
|
|
910
910
|
|
|
911
|
-
<a id="
|
|
911
|
+
<a id="server-6bc226"></a>• [`server`](#server-6bc226) - Optional String<br>Server IPv4 Address. Panorama Server Address to which the firewall should connect to
|
|
912
912
|
|
|
913
|
-
<a id="
|
|
913
|
+
<a id="name-852ba5"></a>• [`template_stack_name`](#name-852ba5) - Optional String<br>template stack name. Template Stack Name
|
|
914
914
|
|
|
915
915
|
#### Palo Alto Fw Service Panorama Server Authorization Key
|
|
916
916
|
|
|
917
|
-
An [`authorization_key`](#
|
|
917
|
+
An [`authorization_key`](#key-d798d1) block (within [`palo_alto_fw_service.panorama_server`](#palo-alto-fw-service-panorama-server)) supports the following:
|
|
918
918
|
|
|
919
|
-
<a id="
|
|
919
|
+
<a id="info-58289d"></a>• [`blindfold_secret_info`](#info-58289d) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-58289d) below.
|
|
920
920
|
|
|
921
|
-
<a id="
|
|
921
|
+
<a id="info-ab1329"></a>• [`clear_secret_info`](#info-ab1329) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-ab1329) below.
|
|
922
922
|
|
|
923
923
|
#### Palo Alto Fw Service Panorama Server Authorization Key Blindfold Secret Info
|
|
924
924
|
|
|
925
|
-
A [`blindfold_secret_info`](#
|
|
925
|
+
A [`blindfold_secret_info`](#info-58289d) block (within [`palo_alto_fw_service.panorama_server.authorization_key`](#key-d798d1)) supports the following:
|
|
926
926
|
|
|
927
|
-
<a id="
|
|
927
|
+
<a id="provider-3a9cc4"></a>• [`decryption_provider`](#provider-3a9cc4) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
928
928
|
|
|
929
|
-
<a id="
|
|
929
|
+
<a id="location-41fa5e"></a>• [`location`](#location-41fa5e) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
930
930
|
|
|
931
|
-
<a id="
|
|
931
|
+
<a id="provider-b5f70f"></a>• [`store_provider`](#provider-b5f70f) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
932
932
|
|
|
933
933
|
#### Palo Alto Fw Service Panorama Server Authorization Key Clear Secret Info
|
|
934
934
|
|
|
935
|
-
A [`clear_secret_info`](#
|
|
935
|
+
A [`clear_secret_info`](#info-ab1329) block (within [`palo_alto_fw_service.panorama_server.authorization_key`](#key-d798d1)) supports the following:
|
|
936
936
|
|
|
937
|
-
<a id="
|
|
937
|
+
<a id="ref-3fb4fb"></a>• [`provider_ref`](#ref-3fb4fb) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
938
938
|
|
|
939
|
-
<a id="
|
|
939
|
+
<a id="url-8cca66"></a>• [`url`](#url-8cca66) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
940
940
|
|
|
941
941
|
#### Palo Alto Fw Service Service Nodes
|
|
942
942
|
|
|
943
943
|
A [`service_nodes`](#palo-alto-fw-service-service-nodes) block (within [`palo_alto_fw_service`](#palo-alto-fw-service)) supports the following:
|
|
944
944
|
|
|
945
|
-
<a id="
|
|
945
|
+
<a id="nodes-b8137e"></a>• [`nodes`](#nodes-b8137e) - Optional Block<br>Palo Alto Networks AZ Nodes<br>See [Nodes](#nodes-b8137e) below.
|
|
946
946
|
|
|
947
947
|
#### Palo Alto Fw Service Service Nodes Nodes
|
|
948
948
|
|
|
949
|
-
A [`nodes`](#
|
|
949
|
+
A [`nodes`](#nodes-b8137e) block (within [`palo_alto_fw_service.service_nodes`](#palo-alto-fw-service-service-nodes)) supports the following:
|
|
950
950
|
|
|
951
|
-
<a id="
|
|
951
|
+
<a id="name-d0302b"></a>• [`aws_az_name`](#name-d0302b) - Optional String<br>AWS AZ Name. AWS availability zone, must be consistent with the selected AWS region. It is recommended that AZ is one of the AZ for sites
|
|
952
952
|
|
|
953
|
-
<a id="
|
|
953
|
+
<a id="subnet-0f55cf"></a>• [`mgmt_subnet`](#subnet-0f55cf) - Optional Block<br>AWS Subnet. Parameters for AWS subnet<br>See [Mgmt Subnet](#subnet-0f55cf) below.
|
|
954
954
|
|
|
955
|
-
<a id="
|
|
955
|
+
<a id="name-6e2eb6"></a>• [`node_name`](#name-6e2eb6) - Optional String<br>Node Name. Node Name will be used to assign as hostname to the service
|
|
956
956
|
|
|
957
|
-
<a id="
|
|
957
|
+
<a id="subnet-52b5ce"></a>• [`reserved_mgmt_subnet`](#subnet-52b5ce) - Optional Block<br>Enable this option
|
|
958
958
|
|
|
959
959
|
#### Palo Alto Fw Service Service Nodes Nodes Mgmt Subnet
|
|
960
960
|
|
|
961
|
-
A [`mgmt_subnet`](#
|
|
961
|
+
A [`mgmt_subnet`](#subnet-0f55cf) block (within [`palo_alto_fw_service.service_nodes.nodes`](#nodes-b8137e)) supports the following:
|
|
962
962
|
|
|
963
|
-
<a id="
|
|
963
|
+
<a id="subnet-id-78d1a0"></a>• [`existing_subnet_id`](#subnet-id-78d1a0) - Optional String<br>Existing Subnet ID. Information about existing subnet ID
|
|
964
964
|
|
|
965
|
-
<a id="
|
|
965
|
+
<a id="param-712914"></a>• [`subnet_param`](#param-712914) - Optional Block<br>New Cloud Subnet Parameters. Parameters for creating a new cloud subnet<br>See [Subnet Param](#param-712914) below.
|
|
966
966
|
|
|
967
967
|
#### Palo Alto Fw Service Service Nodes Nodes Mgmt Subnet Subnet Param
|
|
968
968
|
|
|
969
|
-
A [`subnet_param`](#
|
|
969
|
+
A [`subnet_param`](#param-712914) block (within [`palo_alto_fw_service.service_nodes.nodes.mgmt_subnet`](#subnet-0f55cf)) supports the following:
|
|
970
970
|
|
|
971
|
-
<a id="
|
|
971
|
+
<a id="ipv4-2522ae"></a>• [`ipv4`](#ipv4-2522ae) - Optional String<br>IPv4 Subnet. IPv4 subnet prefix for this subnet
|
|
972
972
|
|
|
973
973
|
#### Timeouts
|
|
974
974
|
|
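Review bot: the `aws_tgw_site` block now mixes two anchor schemes: the unchanged `name` line keeps the full-path id `palo-alto-fw-service-aws-tgw-site-name`, while the added `namespace` and `tenant` lines use `namespace-4bee71` and `tenant-f4683d`. The short ids also drop the distinguishing part of the attribute name (`name-9cae98` for `device_group_name`, `name-852ba5` for `template_stack_name`, `name-d0302b` for `aws_az_name`, `name-6e2eb6` for `node_name`), so a link target can no longer be read without the hash. In addition, each "See [...] below" link, such as `See [Authorization Key](#key-d798d1) below.`, points at the id set on its own bullet, and the section intro links back to that same bullet, so neither link leads to the section it announces. Suggest one id scheme for the whole file that keeps the full attribute name, with the "See" links targeting the section. The descriptions for `device_group_name` and `template_stack_name` also just repeat the label and could say what the value is used for.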