@robinmordasiewicz/f5xc-terraform-mcp 2.4.6 → 2.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/child_tenant.md +2 -2
- package/dist/docs/resources/cloud_connect.md +35 -35
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +24 -877
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -94,293 +94,293 @@ An [`aws_site_type_choice`](#aws-site-type-choice) block supports the following:
|
|
|
94
94
|
|
|
95
95
|
An [`apm_aws_site`](#aws-site-type-choice-apm-aws-site) block (within [`aws_site_type_choice`](#aws-site-type-choice)) supports the following:
|
|
96
96
|
|
|
97
|
-
<a id="
|
|
97
|
+
<a id="password-cf5632"></a>• [`admin_password`](#password-cf5632) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Admin Password](#password-cf5632) below.
|
|
98
98
|
|
|
99
|
-
<a id="
|
|
99
|
+
<a id="username-360b70"></a>• [`admin_username`](#username-360b70) - Optional String<br>Admin Username. Admin Username for BIG-IP
|
|
100
100
|
|
|
101
|
-
<a id="
|
|
101
|
+
<a id="site-bbb128"></a>• [`aws_tgw_site`](#site-bbb128) - Optional Block<br>BIG-IP AWS TGW Site. BIG-IP AWS TGW site specification<br>See [AWS TGW Site](#site-bbb128) below.
|
|
102
102
|
|
|
103
|
-
<a id="
|
|
103
|
+
<a id="service-8fe23c"></a>• [`endpoint_service`](#service-8fe23c) - Optional Block<br>Endpoint Service. Endpoint Service is a type of service where the packets are destined to BIG-IP APM device and service modifies the destination with a new destination address<br>See [Endpoint Service](#service-8fe23c) below.
|
|
104
104
|
|
|
105
105
|
<a id="aws-site-type-choice-apm-aws-site-nodes"></a>• [`nodes`](#aws-site-type-choice-apm-aws-site-nodes) - Optional Block<br>Service Nodes. Specify how and where the service nodes are spawned<br>See [Nodes](#aws-site-type-choice-apm-aws-site-nodes) below.
|
|
106
106
|
|
|
107
|
-
<a id="
|
|
107
|
+
<a id="key-4e6dae"></a>• [`ssh_key`](#key-4e6dae) - Optional String<br>Public SSH key. Public SSH key for accessing the BIG-IP nodes
|
|
108
108
|
|
|
109
109
|
<a id="aws-site-type-choice-apm-aws-site-tags"></a>• [`tags`](#aws-site-type-choice-apm-aws-site-tags) - Optional Block<br>AWS Tags. AWS Tags is a label consisting of a user-defined key and value. It helps to manage, identify, organize, search for, and filter resources in AWS console
|
|
110
110
|
|
|
111
111
|
#### AWS Site Type Choice APM AWS Site Admin Password
|
|
112
112
|
|
|
113
|
-
An [`admin_password`](#
|
|
113
|
+
An [`admin_password`](#password-cf5632) block (within [`aws_site_type_choice.apm_aws_site`](#aws-site-type-choice-apm-aws-site)) supports the following:
|
|
114
114
|
|
|
115
|
-
<a id="
|
|
115
|
+
<a id="info-60b371"></a>• [`blindfold_secret_info`](#info-60b371) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-60b371) below.
|
|
116
116
|
|
|
117
|
-
<a id="
|
|
117
|
+
<a id="info-a13599"></a>• [`clear_secret_info`](#info-a13599) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-a13599) below.
|
|
118
118
|
|
|
119
119
|
#### AWS Site Type Choice APM AWS Site Admin Password Blindfold Secret Info
|
|
120
120
|
|
|
121
|
-
A [`blindfold_secret_info`](#
|
|
121
|
+
A [`blindfold_secret_info`](#info-60b371) block (within [`aws_site_type_choice.apm_aws_site.admin_password`](#password-cf5632)) supports the following:
|
|
122
122
|
|
|
123
|
-
<a id="
|
|
123
|
+
<a id="provider-89288f"></a>• [`decryption_provider`](#provider-89288f) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
124
124
|
|
|
125
|
-
<a id="
|
|
125
|
+
<a id="location-06e5de"></a>• [`location`](#location-06e5de) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
126
126
|
|
|
127
|
-
<a id="
|
|
127
|
+
<a id="provider-e63bce"></a>• [`store_provider`](#provider-e63bce) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
128
128
|
|
|
129
129
|
#### AWS Site Type Choice APM AWS Site Admin Password Clear Secret Info
|
|
130
130
|
|
|
131
|
-
A [`clear_secret_info`](#
|
|
131
|
+
A [`clear_secret_info`](#info-a13599) block (within [`aws_site_type_choice.apm_aws_site.admin_password`](#password-cf5632)) supports the following:
|
|
132
132
|
|
|
133
|
-
<a id="
|
|
133
|
+
<a id="ref-b1dd81"></a>• [`provider_ref`](#ref-b1dd81) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
134
134
|
|
|
135
|
-
<a id="
|
|
135
|
+
<a id="url-31b4e4"></a>• [`url`](#url-31b4e4) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
136
136
|
|
|
137
137
|
#### AWS Site Type Choice APM AWS Site AWS TGW Site
|
|
138
138
|
|
|
139
|
-
An [`aws_tgw_site`](#
|
|
139
|
+
An [`aws_tgw_site`](#site-bbb128) block (within [`aws_site_type_choice.apm_aws_site`](#aws-site-type-choice-apm-aws-site)) supports the following:
|
|
140
140
|
|
|
141
|
-
<a id="
|
|
141
|
+
<a id="site-e5d82e"></a>• [`aws_tgw_site`](#site-e5d82e) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [AWS TGW Site](#site-e5d82e) below.
|
|
142
142
|
|
|
143
143
|
#### AWS Site Type Choice APM AWS Site AWS TGW Site AWS TGW Site
|
|
144
144
|
|
|
145
|
-
An [`aws_tgw_site`](#
|
|
145
|
+
An [`aws_tgw_site`](#site-e5d82e) block (within [`aws_site_type_choice.apm_aws_site.aws_tgw_site`](#site-bbb128)) supports the following:
|
|
146
146
|
|
|
147
|
-
<a id="
|
|
147
|
+
<a id="name-ed2396"></a>• [`name`](#name-ed2396) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
148
148
|
|
|
149
|
-
<a id="
|
|
149
|
+
<a id="namespace-20e2a1"></a>• [`namespace`](#namespace-20e2a1) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
150
150
|
|
|
151
|
-
<a id="
|
|
151
|
+
<a id="tenant-f6912c"></a>• [`tenant`](#tenant-f6912c) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
152
152
|
|
|
153
153
|
#### AWS Site Type Choice APM AWS Site Endpoint Service
|
|
154
154
|
|
|
155
|
-
An [`endpoint_service`](#
|
|
155
|
+
An [`endpoint_service`](#service-8fe23c) block (within [`aws_site_type_choice.apm_aws_site`](#aws-site-type-choice-apm-aws-site)) supports the following:
|
|
156
156
|
|
|
157
|
-
<a id="
|
|
157
|
+
<a id="slo-ip-622624"></a>• [`advertise_on_slo_ip`](#slo-ip-622624) - Optional Block<br>Enable this option
|
|
158
158
|
|
|
159
|
-
<a id="
|
|
159
|
+
<a id="external-61b9da"></a>• [`advertise_on_slo_ip_external`](#external-61b9da) - Optional Block<br>Enable this option
|
|
160
160
|
|
|
161
|
-
<a id="
|
|
161
|
+
<a id="vip-4ea744"></a>• [`automatic_vip`](#vip-4ea744) - Optional Block<br>Enable this option
|
|
162
162
|
|
|
163
|
-
<a id="
|
|
163
|
+
<a id="vip-4dcfed"></a>• [`configured_vip`](#vip-4dcfed) - Optional String<br>Configured VIP. Enter IP address for the default VIP
|
|
164
164
|
|
|
165
|
-
<a id="
|
|
165
|
+
<a id="ports-79b68c"></a>• [`custom_tcp_ports`](#ports-79b68c) - Optional Block<br>Port Range List. List of port ranges<br>See [Custom TCP Ports](#ports-79b68c) below.
|
|
166
166
|
|
|
167
|
-
<a id="
|
|
167
|
+
<a id="ports-1edf2b"></a>• [`custom_udp_ports`](#ports-1edf2b) - Optional Block<br>Port Range List. List of port ranges<br>See [Custom UDP Ports](#ports-1edf2b) below.
|
|
168
168
|
|
|
169
|
-
<a id="
|
|
169
|
+
<a id="ports-2dd037"></a>• [`default_tcp_ports`](#ports-2dd037) - Optional Block<br>Enable this option
|
|
170
170
|
|
|
171
|
-
<a id="
|
|
171
|
+
<a id="slo-ip-b205a0"></a>• [`disable_advertise_on_slo_ip`](#slo-ip-b205a0) - Optional Block<br>Enable this option
|
|
172
172
|
|
|
173
|
-
<a id="
|
|
173
|
+
<a id="port-591bc4"></a>• [`http_port`](#port-591bc4) - Optional Block<br>Enable this option
|
|
174
174
|
|
|
175
|
-
<a id="
|
|
175
|
+
<a id="port-517e0a"></a>• [`https_port`](#port-517e0a) - Optional Block<br>Enable this option
|
|
176
176
|
|
|
177
|
-
<a id="
|
|
177
|
+
<a id="ports-fec4a7"></a>• [`no_tcp_ports`](#ports-fec4a7) - Optional Block<br>Enable this option
|
|
178
178
|
|
|
179
|
-
<a id="
|
|
179
|
+
<a id="ports-9f3544"></a>• [`no_udp_ports`](#ports-9f3544) - Optional Block<br>Enable this option
|
|
180
180
|
|
|
181
181
|
#### AWS Site Type Choice APM AWS Site Endpoint Service Custom TCP Ports
|
|
182
182
|
|
|
183
|
-
A [`custom_tcp_ports`](#
|
|
183
|
+
A [`custom_tcp_ports`](#ports-79b68c) block (within [`aws_site_type_choice.apm_aws_site.endpoint_service`](#service-8fe23c)) supports the following:
|
|
184
184
|
|
|
185
|
-
<a id="
|
|
185
|
+
<a id="ports-f94962"></a>• [`ports`](#ports-f94962) - Optional List<br>Port Ranges. List of port ranges. Each range is a single port or a pair of start and end ports e.g. 8080-8192
|
|
186
186
|
|
|
187
187
|
#### AWS Site Type Choice APM AWS Site Endpoint Service Custom UDP Ports
|
|
188
188
|
|
|
189
|
-
A [`custom_udp_ports`](#
|
|
189
|
+
A [`custom_udp_ports`](#ports-1edf2b) block (within [`aws_site_type_choice.apm_aws_site.endpoint_service`](#service-8fe23c)) supports the following:
|
|
190
190
|
|
|
191
|
-
<a id="
|
|
191
|
+
<a id="ports-fe7f51"></a>• [`ports`](#ports-fe7f51) - Optional List<br>Port Ranges. List of port ranges. Each range is a single port or a pair of start and end ports e.g. 8080-8192
|
|
192
192
|
|
|
193
193
|
#### AWS Site Type Choice APM AWS Site Nodes
|
|
194
194
|
|
|
195
195
|
A [`nodes`](#aws-site-type-choice-apm-aws-site-nodes) block (within [`aws_site_type_choice.apm_aws_site`](#aws-site-type-choice-apm-aws-site)) supports the following:
|
|
196
196
|
|
|
197
|
-
<a id="
|
|
197
|
+
<a id="prefix-aacce8"></a>• [`automatic_prefix`](#prefix-aacce8) - Optional Block<br>Enable this option
|
|
198
198
|
|
|
199
|
-
<a id="
|
|
199
|
+
<a id="name-2b7871"></a>• [`aws_az_name`](#name-2b7871) - Optional String<br>AWS AZ Name. The AWS Availability Zone must be consistent with the AWS Region chosen. Please select an AZ in the same Region as your TGW Site
|
|
200
200
|
|
|
201
|
-
<a id="
|
|
201
|
+
<a id="subnet-7d1f57"></a>• [`mgmt_subnet`](#subnet-7d1f57) - Optional Block<br>AWS Subnet. Parameters for AWS subnet<br>See [Mgmt Subnet](#subnet-7d1f57) below.
|
|
202
202
|
|
|
203
|
-
<a id="
|
|
203
|
+
<a id="name-d6e2fd"></a>• [`node_name`](#name-d6e2fd) - Optional String<br>Node Name. Node Name will be used to assign as hostname to the service
|
|
204
204
|
|
|
205
|
-
<a id="
|
|
205
|
+
<a id="subnet-1ec977"></a>• [`reserved_mgmt_subnet`](#subnet-1ec977) - Optional Block<br>Enable this option
|
|
206
206
|
|
|
207
|
-
<a id="
|
|
207
|
+
<a id="prefix-9f93cf"></a>• [`tunnel_prefix`](#prefix-9f93cf) - Optional String<br>Tunnel IP Prefix. Enter IP prefix for the tunnel, it has to be /30
|
|
208
208
|
|
|
209
209
|
#### AWS Site Type Choice APM AWS Site Nodes Mgmt Subnet
|
|
210
210
|
|
|
211
|
-
A [`mgmt_subnet`](#
|
|
211
|
+
A [`mgmt_subnet`](#subnet-7d1f57) block (within [`aws_site_type_choice.apm_aws_site.nodes`](#aws-site-type-choice-apm-aws-site-nodes)) supports the following:
|
|
212
212
|
|
|
213
|
-
<a id="
|
|
213
|
+
<a id="subnet-id-163629"></a>• [`existing_subnet_id`](#subnet-id-163629) - Optional String<br>Existing Subnet ID. Information about existing subnet ID
|
|
214
214
|
|
|
215
|
-
<a id="
|
|
215
|
+
<a id="param-2694e6"></a>• [`subnet_param`](#param-2694e6) - Optional Block<br>New Cloud Subnet Parameters. Parameters for creating a new cloud subnet<br>See [Subnet Param](#param-2694e6) below.
|
|
216
216
|
|
|
217
217
|
#### AWS Site Type Choice APM AWS Site Nodes Mgmt Subnet Subnet Param
|
|
218
218
|
|
|
219
|
-
A [`subnet_param`](#
|
|
219
|
+
A [`subnet_param`](#param-2694e6) block (within [`aws_site_type_choice.apm_aws_site.nodes.mgmt_subnet`](#subnet-7d1f57)) supports the following:
|
|
220
220
|
|
|
221
|
-
<a id="
|
|
221
|
+
<a id="ipv4-a87d6e"></a>• [`ipv4`](#ipv4-a87d6e) - Optional String<br>IPv4 Subnet. IPv4 subnet prefix for this subnet
|
|
222
222
|
|
|
223
223
|
#### AWS Site Type Choice Market Place Image
|
|
224
224
|
|
|
225
225
|
A [`market_place_image`](#aws-site-type-choice-market-place-image) block (within [`aws_site_type_choice`](#aws-site-type-choice)) supports the following:
|
|
226
226
|
|
|
227
|
-
<a id="
|
|
227
|
+
<a id="mbps-34ab41"></a>• [`best_plus_pay_g200_mbps`](#mbps-34ab41) - Optional Block<br>Enable this option
|
|
228
228
|
|
|
229
|
-
<a id="
|
|
229
|
+
<a id="1gbps-f0a9c0"></a>• [`best_plus_payg_1gbps`](#1gbps-f0a9c0) - Optional Block<br>Enable this option
|
|
230
230
|
|
|
231
231
|
#### Baremetal Site Type Choice
|
|
232
232
|
|
|
233
233
|
A [`baremetal_site_type_choice`](#baremetal-site-type-choice) block supports the following:
|
|
234
234
|
|
|
235
|
-
<a id="
|
|
235
|
+
<a id="site-61bcd2"></a>• [`f5_bare_metal_site`](#site-61bcd2) - Optional Block<br>Virtual BIG-IP on App Stack bare metal. Virtual BIG-IP specification for App Stack bare metal<br>See [F5 Bare Metal Site](#site-61bcd2) below.
|
|
236
236
|
|
|
237
237
|
#### Baremetal Site Type Choice F5 Bare Metal Site
|
|
238
238
|
|
|
239
|
-
A [`f5_bare_metal_site`](#
|
|
239
|
+
A [`f5_bare_metal_site`](#site-61bcd2) block (within [`baremetal_site_type_choice`](#baremetal-site-type-choice)) supports the following:
|
|
240
240
|
|
|
241
|
-
<a id="
|
|
241
|
+
<a id="password-7a55a1"></a>• [`admin_password`](#password-7a55a1) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Admin Password](#password-7a55a1) below.
|
|
242
242
|
|
|
243
|
-
<a id="
|
|
243
|
+
<a id="username-f77a06"></a>• [`admin_username`](#username-f77a06) - Optional String<br>Admin Username. Admin Username for BIG-IP
|
|
244
244
|
|
|
245
|
-
<a id="
|
|
245
|
+
<a id="site-12d7d5"></a>• [`bare_metal_site`](#site-12d7d5) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Bare Metal Site](#site-12d7d5) below.
|
|
246
246
|
|
|
247
|
-
<a id="
|
|
247
|
+
<a id="instance-036acc"></a>• [`bigiq_instance`](#instance-036acc) - Optional Block<br>License Server Details. Specification for BIG-IQ Instance, where and what<br>See [Bigiq Instance](#instance-036acc) below.
|
|
248
248
|
|
|
249
|
-
<a id="
|
|
249
|
+
<a id="nodes-d13441"></a>• [`nodes`](#nodes-d13441) - Optional Block<br>Service Nodes. Specify how and where the service nodes are spawned<br>See [Nodes](#nodes-d13441) below.
|
|
250
250
|
|
|
251
|
-
<a id="
|
|
251
|
+
<a id="url-df9cd5"></a>• [`public_download_url`](#url-df9cd5) - Optional String<br>Image URL. Public URL where BIG-IP VE image (qcow2) is hosted
|
|
252
252
|
|
|
253
|
-
<a id="
|
|
253
|
+
<a id="key-e678b6"></a>• [`ssh_key`](#key-e678b6) - Optional String<br>Public SSH key. Public SSH key for accessing the BIG-IP nodes
|
|
254
254
|
|
|
255
255
|
#### Baremetal Site Type Choice F5 Bare Metal Site Admin Password
|
|
256
256
|
|
|
257
|
-
An [`admin_password`](#
|
|
257
|
+
An [`admin_password`](#password-7a55a1) block (within [`baremetal_site_type_choice.f5_bare_metal_site`](#site-61bcd2)) supports the following:
|
|
258
258
|
|
|
259
|
-
<a id="
|
|
259
|
+
<a id="info-129af5"></a>• [`blindfold_secret_info`](#info-129af5) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-129af5) below.
|
|
260
260
|
|
|
261
|
-
<a id="
|
|
261
|
+
<a id="info-5d1498"></a>• [`clear_secret_info`](#info-5d1498) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-5d1498) below.
|
|
262
262
|
|
|
263
263
|
#### Baremetal Site Type Choice F5 Bare Metal Site Admin Password Blindfold Secret Info
|
|
264
264
|
|
|
265
|
-
A [`blindfold_secret_info`](#
|
|
265
|
+
A [`blindfold_secret_info`](#info-129af5) block (within [`baremetal_site_type_choice.f5_bare_metal_site.admin_password`](#password-7a55a1)) supports the following:
|
|
266
266
|
|
|
267
|
-
<a id="
|
|
267
|
+
<a id="provider-66dae4"></a>• [`decryption_provider`](#provider-66dae4) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
268
268
|
|
|
269
|
-
<a id="
|
|
269
|
+
<a id="location-671d98"></a>• [`location`](#location-671d98) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
270
270
|
|
|
271
|
-
<a id="
|
|
271
|
+
<a id="provider-4f48bf"></a>• [`store_provider`](#provider-4f48bf) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
272
272
|
|
|
273
273
|
#### Baremetal Site Type Choice F5 Bare Metal Site Admin Password Clear Secret Info
|
|
274
274
|
|
|
275
|
-
A [`clear_secret_info`](#
|
|
275
|
+
A [`clear_secret_info`](#info-5d1498) block (within [`baremetal_site_type_choice.f5_bare_metal_site.admin_password`](#password-7a55a1)) supports the following:
|
|
276
276
|
|
|
277
|
-
<a id="
|
|
277
|
+
<a id="ref-c9c5e0"></a>• [`provider_ref`](#ref-c9c5e0) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
278
278
|
|
|
279
|
-
<a id="
|
|
279
|
+
<a id="url-3d433e"></a>• [`url`](#url-3d433e) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
280
280
|
|
|
281
281
|
#### Baremetal Site Type Choice F5 Bare Metal Site Bare Metal Site
|
|
282
282
|
|
|
283
|
-
A [`bare_metal_site`](#
|
|
283
|
+
A [`bare_metal_site`](#site-12d7d5) block (within [`baremetal_site_type_choice.f5_bare_metal_site`](#site-61bcd2)) supports the following:
|
|
284
284
|
|
|
285
|
-
<a id="
|
|
285
|
+
<a id="name-3aa0ef"></a>• [`name`](#name-3aa0ef) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
286
286
|
|
|
287
|
-
<a id="
|
|
287
|
+
<a id="namespace-33bcd0"></a>• [`namespace`](#namespace-33bcd0) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
288
288
|
|
|
289
|
-
<a id="
|
|
289
|
+
<a id="tenant-b4548c"></a>• [`tenant`](#tenant-b4548c) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
290
290
|
|
|
291
291
|
#### Baremetal Site Type Choice F5 Bare Metal Site Bigiq Instance
|
|
292
292
|
|
|
293
|
-
A [`bigiq_instance`](#
|
|
293
|
+
A [`bigiq_instance`](#instance-036acc) block (within [`baremetal_site_type_choice.f5_bare_metal_site`](#site-61bcd2)) supports the following:
|
|
294
294
|
|
|
295
|
-
<a id="
|
|
295
|
+
<a id="name-4ad760"></a>• [`license_pool_name`](#name-4ad760) - Optional String<br>License Pool Name. Name of Utility Pool on BIG-IQ
|
|
296
296
|
|
|
297
|
-
<a id="
|
|
297
|
+
<a id="server-ip-77923c"></a>• [`license_server_ip`](#server-ip-77923c) - Optional String<br>License Server IP. IP Address from the TCP Load Balancer which is configured to communicate with License Server
|
|
298
298
|
|
|
299
|
-
<a id="
|
|
299
|
+
<a id="password-db7269"></a>• [`password`](#password-db7269) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Password](#password-db7269) below.
|
|
300
300
|
|
|
301
|
-
<a id="
|
|
301
|
+
<a id="name-fe91d5"></a>• [`sku_name`](#name-fe91d5) - Optional String<br>Offering Name. License offering name aka SKU name
|
|
302
302
|
|
|
303
|
-
<a id="
|
|
303
|
+
<a id="username-bf14d5"></a>• [`username`](#username-bf14d5) - Optional String<br>User Name. User Name used to access BIG-IQ to activate the license
|
|
304
304
|
|
|
305
305
|
#### Baremetal Site Type Choice F5 Bare Metal Site Bigiq Instance Password
|
|
306
306
|
|
|
307
|
-
A [`password`](#
|
|
307
|
+
A [`password`](#password-db7269) block (within [`baremetal_site_type_choice.f5_bare_metal_site.bigiq_instance`](#instance-036acc)) supports the following:
|
|
308
308
|
|
|
309
|
-
<a id="
|
|
309
|
+
<a id="info-53f845"></a>• [`blindfold_secret_info`](#info-53f845) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-53f845) below.
|
|
310
310
|
|
|
311
|
-
<a id="
|
|
311
|
+
<a id="info-b6ef20"></a>• [`clear_secret_info`](#info-b6ef20) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-b6ef20) below.
|
|
312
312
|
|
|
313
313
|
#### Baremetal Site Type Choice F5 Bare Metal Site Bigiq Instance Password Blindfold Secret Info
|
|
314
314
|
|
|
315
|
-
A [`blindfold_secret_info`](#
|
|
315
|
+
A [`blindfold_secret_info`](#info-53f845) block (within [`baremetal_site_type_choice.f5_bare_metal_site.bigiq_instance.password`](#password-db7269)) supports the following:
|
|
316
316
|
|
|
317
|
-
<a id="
|
|
317
|
+
<a id="provider-8f2abd"></a>• [`decryption_provider`](#provider-8f2abd) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
318
318
|
|
|
319
|
-
<a id="
|
|
319
|
+
<a id="location-3c1ace"></a>• [`location`](#location-3c1ace) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
320
320
|
|
|
321
|
-
<a id="
|
|
321
|
+
<a id="provider-8b133e"></a>• [`store_provider`](#provider-8b133e) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
322
322
|
|
|
323
323
|
#### Baremetal Site Type Choice F5 Bare Metal Site Bigiq Instance Password Clear Secret Info
|
|
324
324
|
|
|
325
|
-
A [`clear_secret_info`](#
|
|
325
|
+
A [`clear_secret_info`](#info-b6ef20) block (within [`baremetal_site_type_choice.f5_bare_metal_site.bigiq_instance.password`](#password-db7269)) supports the following:
|
|
326
326
|
|
|
327
|
-
<a id="
|
|
327
|
+
<a id="ref-cd9714"></a>• [`provider_ref`](#ref-cd9714) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
328
328
|
|
|
329
|
-
<a id="
|
|
329
|
+
<a id="url-df6aed"></a>• [`url`](#url-df6aed) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
330
330
|
|
|
331
331
|
#### Baremetal Site Type Choice F5 Bare Metal Site Nodes
|
|
332
332
|
|
|
333
|
-
A [`nodes`](#
|
|
333
|
+
A [`nodes`](#nodes-d13441) block (within [`baremetal_site_type_choice.f5_bare_metal_site`](#site-61bcd2)) supports the following:
|
|
334
334
|
|
|
335
|
-
<a id="
|
|
335
|
+
<a id="size-c2ec7b"></a>• [`bm_node_memory_size`](#size-c2ec7b) - Optional String Defaults to `BM_8_GB_MEMORY`<br>Possible values are `BM_8_GB_MEMORY`, `BM_16_GB_MEMORY`, `BM_32_GB_MEMORY`<br>[Enum: BM_8_GB_MEMORY|BM_16_GB_MEMORY|BM_32_GB_MEMORY] Bare Metal ServiceNode Memory Size. Enum to define amount of memory to be assigned to the node - BM_8_GB_MEMORY: 8 GB - BM_16_GB_MEMORY: 16 GB - BM_32_GB_MEMORY: 32 GB
|
|
336
336
|
|
|
337
|
-
<a id="
|
|
337
|
+
<a id="count-3392e9"></a>• [`bm_virtual_cpu_count`](#count-3392e9) - Optional String Defaults to `BM_4_VCPU`<br>Possible values are `BM_4_VCPU`, `BM_8_VCPU`<br>[Enum: BM_4_VCPU|BM_8_VCPU] Bare Metal ServiceNode Virtual CPU Count. Enum to define number of virtual CPU's to be assigned to the node - BM_4_VCPU: 4 virtual CPUs - BM_8_VCPU: 8 virtual CPUs
|
|
338
338
|
|
|
339
|
-
<a id="
|
|
339
|
+
<a id="interface-e258b4"></a>• [`external_interface`](#interface-e258b4) - Optional Block<br>Interface.BIG-IP interface details<br>See [External Interface](#interface-e258b4) below.
|
|
340
340
|
|
|
341
|
-
<a id="
|
|
341
|
+
<a id="interface-eb05e4"></a>• [`internal_interface`](#interface-eb05e4) - Optional Block<br>Interface.BIG-IP interface details<br>See [Internal Interface](#interface-eb05e4) below.
|
|
342
342
|
|
|
343
|
-
<a id="
|
|
343
|
+
<a id="name-a0502c"></a>• [`node_name`](#name-a0502c) - Optional String<br>Node Name. Node Name will be used to assign as hostname to the service
|
|
344
344
|
|
|
345
345
|
#### Baremetal Site Type Choice F5 Bare Metal Site Nodes External Interface
|
|
346
346
|
|
|
347
|
-
An [`external_interface`](#
|
|
347
|
+
An [`external_interface`](#interface-e258b4) block (within [`baremetal_site_type_choice.f5_bare_metal_site.nodes`](#nodes-d13441)) supports the following:
|
|
348
348
|
|
|
349
|
-
<a id="
|
|
349
|
+
<a id="interface-0c27be"></a>• [`interface`](#interface-0c27be) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Interface](#interface-0c27be) below.
|
|
350
350
|
|
|
351
|
-
<a id="
|
|
351
|
+
<a id="gateway-d23a59"></a>• [`network_gateway`](#gateway-d23a59) - Optional String<br>Default Gateway
|
|
352
352
|
|
|
353
|
-
<a id="
|
|
353
|
+
<a id="self-ip-54f877"></a>• [`network_self_ip`](#self-ip-54f877) - Optional String<br>Self IP. Self IP CIDR
|
|
354
354
|
|
|
355
355
|
#### Baremetal Site Type Choice F5 Bare Metal Site Nodes External Interface Interface
|
|
356
356
|
|
|
357
|
-
An [`interface`](#
|
|
357
|
+
An [`interface`](#interface-0c27be) block (within [`baremetal_site_type_choice.f5_bare_metal_site.nodes.external_interface`](#interface-e258b4)) supports the following:
|
|
358
358
|
|
|
359
|
-
<a id="
|
|
359
|
+
<a id="name-e4872d"></a>• [`name`](#name-e4872d) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
360
360
|
|
|
361
|
-
<a id="
|
|
361
|
+
<a id="namespace-7ef309"></a>• [`namespace`](#namespace-7ef309) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
362
362
|
|
|
363
|
-
<a id="
|
|
363
|
+
<a id="tenant-c4b4ec"></a>• [`tenant`](#tenant-c4b4ec) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
364
364
|
|
|
365
365
|
#### Baremetal Site Type Choice F5 Bare Metal Site Nodes Internal Interface
|
|
366
366
|
|
|
367
|
-
An [`internal_interface`](#
|
|
367
|
+
An [`internal_interface`](#interface-eb05e4) block (within [`baremetal_site_type_choice.f5_bare_metal_site.nodes`](#nodes-d13441)) supports the following:
|
|
368
368
|
|
|
369
|
-
<a id="
|
|
369
|
+
<a id="interface-35aed8"></a>• [`interface`](#interface-35aed8) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Interface](#interface-35aed8) below.
|
|
370
370
|
|
|
371
|
-
<a id="
|
|
371
|
+
<a id="gateway-0fd736"></a>• [`network_gateway`](#gateway-0fd736) - Optional String<br>Default Gateway
|
|
372
372
|
|
|
373
|
-
<a id="
|
|
373
|
+
<a id="self-ip-a79065"></a>• [`network_self_ip`](#self-ip-a79065) - Optional String<br>Self IP. Self IP CIDR
|
|
374
374
|
|
|
375
375
|
#### Baremetal Site Type Choice F5 Bare Metal Site Nodes Internal Interface Interface
|
|
376
376
|
|
|
377
|
-
An [`interface`](#
|
|
377
|
+
An [`interface`](#interface-35aed8) block (within [`baremetal_site_type_choice.f5_bare_metal_site.nodes.internal_interface`](#interface-eb05e4)) supports the following:
|
|
378
378
|
|
|
379
|
-
<a id="
|
|
379
|
+
<a id="name-376328"></a>• [`name`](#name-376328) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
380
380
|
|
|
381
|
-
<a id="
|
|
381
|
+
<a id="namespace-b0dc9f"></a>• [`namespace`](#namespace-b0dc9f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
382
382
|
|
|
383
|
-
<a id="
|
|
383
|
+
<a id="tenant-6ad79b"></a>• [`tenant`](#tenant-6ad79b) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
384
384
|
|
|
385
385
|
#### HTTPS Management
|
|
386
386
|
|
|
@@ -388,11 +388,11 @@ A [`https_management`](#https-management) block supports the following:
|
|
|
388
388
|
|
|
389
389
|
<a id="https-management-advertise-on-internet"></a>• [`advertise_on_internet`](#https-management-advertise-on-internet) - Optional Block<br>Advertise Public. This defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available<br>See [Advertise On Internet](#https-management-advertise-on-internet) below.
|
|
390
390
|
|
|
391
|
-
<a id="
|
|
391
|
+
<a id="vip-00de2c"></a>• [`advertise_on_internet_default_vip`](#vip-00de2c) - Optional Block<br>Enable this option
|
|
392
392
|
|
|
393
393
|
<a id="https-management-advertise-on-sli-vip"></a>• [`advertise_on_sli_vip`](#https-management-advertise-on-sli-vip) - Optional Block<br>Inline TLS Parameters. Inline TLS parameters<br>See [Advertise On SLI VIP](#https-management-advertise-on-sli-vip) below.
|
|
394
394
|
|
|
395
|
-
<a id="
|
|
395
|
+
<a id="vip-6dd6e5"></a>• [`advertise_on_slo_internet_vip`](#vip-6dd6e5) - Optional Block<br>Inline TLS Parameters. Inline TLS parameters<br>See [Advertise On Slo Internet VIP](#vip-6dd6e5) below.
|
|
396
396
|
|
|
397
397
|
<a id="https-management-advertise-on-slo-sli"></a>• [`advertise_on_slo_sli`](#https-management-advertise-on-slo-sli) - Optional Block<br>Inline TLS Parameters. Inline TLS parameters<br>See [Advertise On Slo SLI](#https-management-advertise-on-slo-sli) below.
|
|
398
398
|
|
|
@@ -408,521 +408,521 @@ A [`https_management`](#https-management) block supports the following:
|
|
|
408
408
|
|
|
409
409
|
An [`advertise_on_internet`](#https-management-advertise-on-internet) block (within [`https_management`](#https-management)) supports the following:
|
|
410
410
|
|
|
411
|
-
<a id="
|
|
411
|
+
<a id="public-ip-e501cc"></a>• [`public_ip`](#public-ip-e501cc) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Public IP](#public-ip-e501cc) below.
|
|
412
412
|
|
|
413
413
|
#### HTTPS Management Advertise On Internet Public IP
|
|
414
414
|
|
|
415
|
-
A [`public_ip`](#
|
|
415
|
+
A [`public_ip`](#public-ip-e501cc) block (within [`https_management.advertise_on_internet`](#https-management-advertise-on-internet)) supports the following:
|
|
416
416
|
|
|
417
|
-
<a id="
|
|
417
|
+
<a id="name-c549a1"></a>• [`name`](#name-c549a1) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
418
418
|
|
|
419
|
-
<a id="
|
|
419
|
+
<a id="namespace-8fcb5e"></a>• [`namespace`](#namespace-8fcb5e) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
420
420
|
|
|
421
|
-
<a id="
|
|
421
|
+
<a id="tenant-5cb820"></a>• [`tenant`](#tenant-5cb820) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
422
422
|
|
|
423
423
|
#### HTTPS Management Advertise On SLI VIP
|
|
424
424
|
|
|
425
425
|
An [`advertise_on_sli_vip`](#https-management-advertise-on-sli-vip) block (within [`https_management`](#https-management)) supports the following:
|
|
426
426
|
|
|
427
|
-
<a id="
|
|
427
|
+
<a id="mtls-1bd8e3"></a>• [`no_mtls`](#mtls-1bd8e3) - Optional Block<br>Enable this option
|
|
428
428
|
|
|
429
|
-
<a id="
|
|
429
|
+
<a id="certificates-5355d7"></a>• [`tls_certificates`](#certificates-5355d7) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-5355d7) below.
|
|
430
430
|
|
|
431
|
-
<a id="
|
|
431
|
+
<a id="config-9f094b"></a>• [`tls_config`](#config-9f094b) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-9f094b) below.
|
|
432
432
|
|
|
433
|
-
<a id="
|
|
433
|
+
<a id="mtls-c1dce4"></a>• [`use_mtls`](#mtls-c1dce4) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-c1dce4) below.
|
|
434
434
|
|
|
435
435
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates
|
|
436
436
|
|
|
437
|
-
A [`tls_certificates`](#
|
|
437
|
+
A [`tls_certificates`](#certificates-5355d7) block (within [`https_management.advertise_on_sli_vip`](#https-management-advertise-on-sli-vip)) supports the following:
|
|
438
438
|
|
|
439
|
-
<a id="
|
|
439
|
+
<a id="url-6da58e"></a>• [`certificate_url`](#url-6da58e) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
440
440
|
|
|
441
|
-
<a id="
|
|
441
|
+
<a id="algorithms-df25ed"></a>• [`custom_hash_algorithms`](#algorithms-df25ed) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-df25ed) below.
|
|
442
442
|
|
|
443
|
-
<a id="
|
|
443
|
+
<a id="spec-ca69ee"></a>• [`description_spec`](#spec-ca69ee) - Optional String<br>Description. Description for the certificate
|
|
444
444
|
|
|
445
|
-
<a id="
|
|
445
|
+
<a id="stapling-2e3125"></a>• [`disable_ocsp_stapling`](#stapling-2e3125) - Optional Block<br>Enable this option
|
|
446
446
|
|
|
447
|
-
<a id="
|
|
447
|
+
<a id="key-7c0097"></a>• [`private_key`](#key-7c0097) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-7c0097) below.
|
|
448
448
|
|
|
449
|
-
<a id="
|
|
449
|
+
<a id="defaults-18ac4e"></a>• [`use_system_defaults`](#defaults-18ac4e) - Optional Block<br>Enable this option
|
|
450
450
|
|
|
451
451
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Custom Hash Algorithms
|
|
452
452
|
|
|
453
|
-
A [`custom_hash_algorithms`](#
|
|
453
|
+
A [`custom_hash_algorithms`](#algorithms-df25ed) block (within [`https_management.advertise_on_sli_vip.tls_certificates`](#certificates-5355d7)) supports the following:
|
|
454
454
|
|
|
455
|
-
<a id="
|
|
455
|
+
<a id="algorithms-083c58"></a>• [`hash_algorithms`](#algorithms-083c58) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
456
456
|
|
|
457
457
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Private Key
|
|
458
458
|
|
|
459
|
-
A [`private_key`](#
|
|
459
|
+
A [`private_key`](#key-7c0097) block (within [`https_management.advertise_on_sli_vip.tls_certificates`](#certificates-5355d7)) supports the following:
|
|
460
460
|
|
|
461
|
-
<a id="
|
|
461
|
+
<a id="info-d9df15"></a>• [`blindfold_secret_info`](#info-d9df15) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-d9df15) below.
|
|
462
462
|
|
|
463
|
-
<a id="
|
|
463
|
+
<a id="info-54e3b2"></a>• [`clear_secret_info`](#info-54e3b2) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-54e3b2) below.
|
|
464
464
|
|
|
465
465
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Private Key Blindfold Secret Info
|
|
466
466
|
|
|
467
|
-
A [`blindfold_secret_info`](#
|
|
467
|
+
A [`blindfold_secret_info`](#info-d9df15) block (within [`https_management.advertise_on_sli_vip.tls_certificates.private_key`](#key-7c0097)) supports the following:
|
|
468
468
|
|
|
469
|
-
<a id="
|
|
469
|
+
<a id="provider-5f1a70"></a>• [`decryption_provider`](#provider-5f1a70) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
470
470
|
|
|
471
|
-
<a id="
|
|
471
|
+
<a id="location-fa523c"></a>• [`location`](#location-fa523c) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
472
472
|
|
|
473
|
-
<a id="
|
|
473
|
+
<a id="provider-12c9c1"></a>• [`store_provider`](#provider-12c9c1) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
474
474
|
|
|
475
475
|
#### HTTPS Management Advertise On SLI VIP TLS Certificates Private Key Clear Secret Info
|
|
476
476
|
|
|
477
|
-
A [`clear_secret_info`](#
|
|
477
|
+
A [`clear_secret_info`](#info-54e3b2) block (within [`https_management.advertise_on_sli_vip.tls_certificates.private_key`](#key-7c0097)) supports the following:
|
|
478
478
|
|
|
479
|
-
<a id="
|
|
479
|
+
<a id="ref-98dcbd"></a>• [`provider_ref`](#ref-98dcbd) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
480
480
|
|
|
481
|
-
<a id="
|
|
481
|
+
<a id="url-ab8c1e"></a>• [`url`](#url-ab8c1e) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
482
482
|
|
|
483
483
|
#### HTTPS Management Advertise On SLI VIP TLS Config
|
|
484
484
|
|
|
485
|
-
A [`tls_config`](#
|
|
485
|
+
A [`tls_config`](#config-9f094b) block (within [`https_management.advertise_on_sli_vip`](#https-management-advertise-on-sli-vip)) supports the following:
|
|
486
486
|
|
|
487
|
-
<a id="
|
|
487
|
+
<a id="security-dfdc05"></a>• [`custom_security`](#security-dfdc05) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-dfdc05) below.
|
|
488
488
|
|
|
489
|
-
<a id="
|
|
489
|
+
<a id="security-9de532"></a>• [`default_security`](#security-9de532) - Optional Block<br>Enable this option
|
|
490
490
|
|
|
491
|
-
<a id="
|
|
491
|
+
<a id="security-69850d"></a>• [`low_security`](#security-69850d) - Optional Block<br>Enable this option
|
|
492
492
|
|
|
493
|
-
<a id="
|
|
493
|
+
<a id="security-214afa"></a>• [`medium_security`](#security-214afa) - Optional Block<br>Enable this option
|
|
494
494
|
|
|
495
495
|
#### HTTPS Management Advertise On SLI VIP TLS Config Custom Security
|
|
496
496
|
|
|
497
|
-
A [`custom_security`](#
|
|
497
|
+
A [`custom_security`](#security-dfdc05) block (within [`https_management.advertise_on_sli_vip.tls_config`](#config-9f094b)) supports the following:
|
|
498
498
|
|
|
499
|
-
<a id="
|
|
499
|
+
<a id="suites-fb1fde"></a>• [`cipher_suites`](#suites-fb1fde) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
500
500
|
|
|
501
|
-
<a id="
|
|
501
|
+
<a id="version-b07adb"></a>• [`max_version`](#version-b07adb) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
502
502
|
|
|
503
|
-
<a id="
|
|
503
|
+
<a id="version-2c0f87"></a>• [`min_version`](#version-2c0f87) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
504
504
|
|
|
505
505
|
#### HTTPS Management Advertise On SLI VIP Use mTLS
|
|
506
506
|
|
|
507
|
-
An [`use_mtls`](#
|
|
507
|
+
An [`use_mtls`](#mtls-c1dce4) block (within [`https_management.advertise_on_sli_vip`](#https-management-advertise-on-sli-vip)) supports the following:
|
|
508
508
|
|
|
509
|
-
<a id="
|
|
509
|
+
<a id="optional-68adb9"></a>• [`client_certificate_optional`](#optional-68adb9) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
510
510
|
|
|
511
|
-
<a id="
|
|
511
|
+
<a id="crl-19936d"></a>• [`crl`](#crl-19936d) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-19936d) below.
|
|
512
512
|
|
|
513
|
-
<a id="
|
|
513
|
+
<a id="crl-fac420"></a>• [`no_crl`](#crl-fac420) - Optional Block<br>Enable this option
|
|
514
514
|
|
|
515
|
-
<a id="
|
|
515
|
+
<a id="trusted-ca-b9e38a"></a>• [`trusted_ca`](#trusted-ca-b9e38a) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-b9e38a) below.
|
|
516
516
|
|
|
517
|
-
<a id="
|
|
517
|
+
<a id="url-b6ba65"></a>• [`trusted_ca_url`](#url-b6ba65) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
518
518
|
|
|
519
|
-
<a id="
|
|
519
|
+
<a id="disabled-e8c4ec"></a>• [`xfcc_disabled`](#disabled-e8c4ec) - Optional Block<br>Enable this option
|
|
520
520
|
|
|
521
|
-
<a id="
|
|
521
|
+
<a id="options-ca97b0"></a>• [`xfcc_options`](#options-ca97b0) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-ca97b0) below.
|
|
522
522
|
|
|
523
523
|
#### HTTPS Management Advertise On SLI VIP Use mTLS CRL
|
|
524
524
|
|
|
525
|
-
A [`crl`](#
|
|
525
|
+
A [`crl`](#crl-19936d) block (within [`https_management.advertise_on_sli_vip.use_mtls`](#mtls-c1dce4)) supports the following:
|
|
526
526
|
|
|
527
|
-
<a id="
|
|
527
|
+
<a id="name-fed988"></a>• [`name`](#name-fed988) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
528
528
|
|
|
529
|
-
<a id="
|
|
529
|
+
<a id="namespace-b0813f"></a>• [`namespace`](#namespace-b0813f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
530
530
|
|
|
531
|
-
<a id="
|
|
531
|
+
<a id="tenant-374a05"></a>• [`tenant`](#tenant-374a05) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
532
532
|
|
|
533
533
|
#### HTTPS Management Advertise On SLI VIP Use mTLS Trusted CA
|
|
534
534
|
|
|
535
|
-
A [`trusted_ca`](#
|
|
535
|
+
A [`trusted_ca`](#trusted-ca-b9e38a) block (within [`https_management.advertise_on_sli_vip.use_mtls`](#mtls-c1dce4)) supports the following:
|
|
536
536
|
|
|
537
|
-
<a id="
|
|
537
|
+
<a id="name-1925aa"></a>• [`name`](#name-1925aa) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
538
538
|
|
|
539
|
-
<a id="
|
|
539
|
+
<a id="namespace-65c37d"></a>• [`namespace`](#namespace-65c37d) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
540
540
|
|
|
541
|
-
<a id="
|
|
541
|
+
<a id="tenant-2c045b"></a>• [`tenant`](#tenant-2c045b) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
542
542
|
|
|
543
543
|
#### HTTPS Management Advertise On SLI VIP Use mTLS Xfcc Options
|
|
544
544
|
|
|
545
|
-
A [`xfcc_options`](#
|
|
545
|
+
A [`xfcc_options`](#options-ca97b0) block (within [`https_management.advertise_on_sli_vip.use_mtls`](#mtls-c1dce4)) supports the following:
|
|
546
546
|
|
|
547
|
-
<a id="
|
|
547
|
+
<a id="elements-1f3d82"></a>• [`xfcc_header_elements`](#elements-1f3d82) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
548
548
|
|
|
549
549
|
#### HTTPS Management Advertise On Slo Internet VIP
|
|
550
550
|
|
|
551
|
-
An [`advertise_on_slo_internet_vip`](#
|
|
551
|
+
An [`advertise_on_slo_internet_vip`](#vip-6dd6e5) block (within [`https_management`](#https-management)) supports the following:
|
|
552
552
|
|
|
553
|
-
<a id="
|
|
553
|
+
<a id="mtls-65c4ed"></a>• [`no_mtls`](#mtls-65c4ed) - Optional Block<br>Enable this option
|
|
554
554
|
|
|
555
|
-
<a id="
|
|
555
|
+
<a id="certificates-748bff"></a>• [`tls_certificates`](#certificates-748bff) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-748bff) below.
|
|
556
556
|
|
|
557
|
-
<a id="
|
|
557
|
+
<a id="config-3dcb79"></a>• [`tls_config`](#config-3dcb79) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-3dcb79) below.
|
|
558
558
|
|
|
559
|
-
<a id="
|
|
559
|
+
<a id="mtls-2fcd89"></a>• [`use_mtls`](#mtls-2fcd89) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-2fcd89) below.
|
|
560
560
|
|
|
561
561
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates
|
|
562
562
|
|
|
563
|
-
A [`tls_certificates`](#
|
|
563
|
+
A [`tls_certificates`](#certificates-748bff) block (within [`https_management.advertise_on_slo_internet_vip`](#vip-6dd6e5)) supports the following:
|
|
564
564
|
|
|
565
|
-
<a id="
|
|
565
|
+
<a id="url-538fd1"></a>• [`certificate_url`](#url-538fd1) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
566
566
|
|
|
567
|
-
<a id="
|
|
567
|
+
<a id="algorithms-396399"></a>• [`custom_hash_algorithms`](#algorithms-396399) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-396399) below.
|
|
568
568
|
|
|
569
|
-
<a id="
|
|
569
|
+
<a id="spec-319b4d"></a>• [`description_spec`](#spec-319b4d) - Optional String<br>Description. Description for the certificate
|
|
570
570
|
|
|
571
|
-
<a id="
|
|
571
|
+
<a id="stapling-26e75e"></a>• [`disable_ocsp_stapling`](#stapling-26e75e) - Optional Block<br>Enable this option
|
|
572
572
|
|
|
573
|
-
<a id="
|
|
573
|
+
<a id="key-d9eadd"></a>• [`private_key`](#key-d9eadd) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-d9eadd) below.
|
|
574
574
|
|
|
575
|
-
<a id="
|
|
575
|
+
<a id="defaults-eae44a"></a>• [`use_system_defaults`](#defaults-eae44a) - Optional Block<br>Enable this option
|
|
576
576
|
|
|
577
577
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Custom Hash Algorithms
|
|
578
578
|
|
|
579
|
-
A [`custom_hash_algorithms`](#
|
|
579
|
+
A [`custom_hash_algorithms`](#algorithms-396399) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates`](#certificates-748bff)) supports the following:
|
|
580
580
|
|
|
581
|
-
<a id="
|
|
581
|
+
<a id="algorithms-0fe11a"></a>• [`hash_algorithms`](#algorithms-0fe11a) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
582
582
|
|
|
583
583
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Private Key
|
|
584
584
|
|
|
585
|
-
A [`private_key`](#
|
|
585
|
+
A [`private_key`](#key-d9eadd) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates`](#certificates-748bff)) supports the following:
|
|
586
586
|
|
|
587
|
-
<a id="
|
|
587
|
+
<a id="info-fb4948"></a>• [`blindfold_secret_info`](#info-fb4948) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-fb4948) below.
|
|
588
588
|
|
|
589
|
-
<a id="
|
|
589
|
+
<a id="info-7e382d"></a>• [`clear_secret_info`](#info-7e382d) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-7e382d) below.
|
|
590
590
|
|
|
591
591
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Private Key Blindfold Secret Info
|
|
592
592
|
|
|
593
|
-
A [`blindfold_secret_info`](#
|
|
593
|
+
A [`blindfold_secret_info`](#info-fb4948) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates.private_key`](#key-d9eadd)) supports the following:
|
|
594
594
|
|
|
595
|
-
<a id="
|
|
595
|
+
<a id="provider-3f630f"></a>• [`decryption_provider`](#provider-3f630f) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
596
596
|
|
|
597
|
-
<a id="
|
|
597
|
+
<a id="location-da3b9c"></a>• [`location`](#location-da3b9c) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
598
598
|
|
|
599
|
-
<a id="
|
|
599
|
+
<a id="provider-84b5f6"></a>• [`store_provider`](#provider-84b5f6) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
600
600
|
|
|
601
601
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Certificates Private Key Clear Secret Info
|
|
602
602
|
|
|
603
|
-
A [`clear_secret_info`](#
|
|
603
|
+
A [`clear_secret_info`](#info-7e382d) block (within [`https_management.advertise_on_slo_internet_vip.tls_certificates.private_key`](#key-d9eadd)) supports the following:
|
|
604
604
|
|
|
605
|
-
<a id="
|
|
605
|
+
<a id="ref-218907"></a>• [`provider_ref`](#ref-218907) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
606
606
|
|
|
607
|
-
<a id="
|
|
607
|
+
<a id="url-19877d"></a>• [`url`](#url-19877d) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
608
608
|
|
|
609
609
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Config
|
|
610
610
|
|
|
611
|
-
A [`tls_config`](#
|
|
611
|
+
A [`tls_config`](#config-3dcb79) block (within [`https_management.advertise_on_slo_internet_vip`](#vip-6dd6e5)) supports the following:
|
|
612
612
|
|
|
613
|
-
<a id="
|
|
613
|
+
<a id="security-b809cf"></a>• [`custom_security`](#security-b809cf) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-b809cf) below.
|
|
614
614
|
|
|
615
|
-
<a id="
|
|
615
|
+
<a id="security-e059f2"></a>• [`default_security`](#security-e059f2) - Optional Block<br>Enable this option
|
|
616
616
|
|
|
617
|
-
<a id="
|
|
617
|
+
<a id="security-9a6aa9"></a>• [`low_security`](#security-9a6aa9) - Optional Block<br>Enable this option
|
|
618
618
|
|
|
619
|
-
<a id="
|
|
619
|
+
<a id="security-e4549d"></a>• [`medium_security`](#security-e4549d) - Optional Block<br>Enable this option
|
|
620
620
|
|
|
621
621
|
#### HTTPS Management Advertise On Slo Internet VIP TLS Config Custom Security
|
|
622
622
|
|
|
623
|
-
A [`custom_security`](#
|
|
623
|
+
A [`custom_security`](#security-b809cf) block (within [`https_management.advertise_on_slo_internet_vip.tls_config`](#config-3dcb79)) supports the following:
|
|
624
624
|
|
|
625
|
-
<a id="
|
|
625
|
+
<a id="suites-8ab58a"></a>• [`cipher_suites`](#suites-8ab58a) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
626
626
|
|
|
627
|
-
<a id="
|
|
627
|
+
<a id="version-fe0ab6"></a>• [`max_version`](#version-fe0ab6) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
628
628
|
|
|
629
|
-
<a id="
|
|
629
|
+
<a id="version-c193af"></a>• [`min_version`](#version-c193af) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
630
630
|
|
|
631
631
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS
|
|
632
632
|
|
|
633
|
-
An [`use_mtls`](#
|
|
633
|
+
An [`use_mtls`](#mtls-2fcd89) block (within [`https_management.advertise_on_slo_internet_vip`](#vip-6dd6e5)) supports the following:
|
|
634
634
|
|
|
635
|
-
<a id="
|
|
635
|
+
<a id="optional-bb69f8"></a>• [`client_certificate_optional`](#optional-bb69f8) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
636
636
|
|
|
637
|
-
<a id="
|
|
637
|
+
<a id="crl-d07bf8"></a>• [`crl`](#crl-d07bf8) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-d07bf8) below.
|
|
638
638
|
|
|
639
|
-
<a id="
|
|
639
|
+
<a id="crl-aeab3f"></a>• [`no_crl`](#crl-aeab3f) - Optional Block<br>Enable this option
|
|
640
640
|
|
|
641
|
-
<a id="
|
|
641
|
+
<a id="trusted-ca-046a20"></a>• [`trusted_ca`](#trusted-ca-046a20) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-046a20) below.
|
|
642
642
|
|
|
643
|
-
<a id="
|
|
643
|
+
<a id="url-248df7"></a>• [`trusted_ca_url`](#url-248df7) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
644
644
|
|
|
645
|
-
<a id="
|
|
645
|
+
<a id="disabled-369402"></a>• [`xfcc_disabled`](#disabled-369402) - Optional Block<br>Enable this option
|
|
646
646
|
|
|
647
|
-
<a id="
|
|
647
|
+
<a id="options-683773"></a>• [`xfcc_options`](#options-683773) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-683773) below.
|
|
648
648
|
|
|
649
649
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS CRL
|
|
650
650
|
|
|
651
|
-
A [`crl`](#
|
|
651
|
+
A [`crl`](#crl-d07bf8) block (within [`https_management.advertise_on_slo_internet_vip.use_mtls`](#mtls-2fcd89)) supports the following:
|
|
652
652
|
|
|
653
|
-
<a id="
|
|
653
|
+
<a id="name-7fe25b"></a>• [`name`](#name-7fe25b) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
654
654
|
|
|
655
|
-
<a id="
|
|
655
|
+
<a id="namespace-a1ad51"></a>• [`namespace`](#namespace-a1ad51) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
656
656
|
|
|
657
|
-
<a id="
|
|
657
|
+
<a id="tenant-3af425"></a>• [`tenant`](#tenant-3af425) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
658
658
|
|
|
659
659
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS Trusted CA
|
|
660
660
|
|
|
661
|
-
A [`trusted_ca`](#
|
|
661
|
+
A [`trusted_ca`](#trusted-ca-046a20) block (within [`https_management.advertise_on_slo_internet_vip.use_mtls`](#mtls-2fcd89)) supports the following:
|
|
662
662
|
|
|
663
|
-
<a id="
|
|
663
|
+
<a id="name-f0c02e"></a>• [`name`](#name-f0c02e) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
664
664
|
|
|
665
|
-
<a id="
|
|
665
|
+
<a id="namespace-571413"></a>• [`namespace`](#namespace-571413) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
666
666
|
|
|
667
|
-
<a id="
|
|
667
|
+
<a id="tenant-b6f682"></a>• [`tenant`](#tenant-b6f682) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
668
668
|
|
|
669
669
|
#### HTTPS Management Advertise On Slo Internet VIP Use mTLS Xfcc Options
|
|
670
670
|
|
|
671
|
-
A [`xfcc_options`](#
|
|
671
|
+
A [`xfcc_options`](#options-683773) block (within [`https_management.advertise_on_slo_internet_vip.use_mtls`](#mtls-2fcd89)) supports the following:
|
|
672
672
|
|
|
673
|
-
<a id="
|
|
673
|
+
<a id="elements-37d5da"></a>• [`xfcc_header_elements`](#elements-37d5da) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
674
674
|
|
|
675
675
|
#### HTTPS Management Advertise On Slo SLI
|
|
676
676
|
|
|
677
677
|
An [`advertise_on_slo_sli`](#https-management-advertise-on-slo-sli) block (within [`https_management`](#https-management)) supports the following:
|
|
678
678
|
|
|
679
|
-
<a id="
|
|
679
|
+
<a id="mtls-e2f684"></a>• [`no_mtls`](#mtls-e2f684) - Optional Block<br>Enable this option
|
|
680
680
|
|
|
681
|
-
<a id="
|
|
681
|
+
<a id="certificates-b923c1"></a>• [`tls_certificates`](#certificates-b923c1) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-b923c1) below.
|
|
682
682
|
|
|
683
|
-
<a id="
|
|
683
|
+
<a id="config-2cd93f"></a>• [`tls_config`](#config-2cd93f) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-2cd93f) below.
|
|
684
684
|
|
|
685
|
-
<a id="
|
|
685
|
+
<a id="mtls-b8036a"></a>• [`use_mtls`](#mtls-b8036a) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-b8036a) below.
|
|
686
686
|
|
|
687
687
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates
|
|
688
688
|
|
|
689
|
-
A [`tls_certificates`](#
|
|
689
|
+
A [`tls_certificates`](#certificates-b923c1) block (within [`https_management.advertise_on_slo_sli`](#https-management-advertise-on-slo-sli)) supports the following:
|
|
690
690
|
|
|
691
|
-
<a id="
|
|
691
|
+
<a id="url-599a7a"></a>• [`certificate_url`](#url-599a7a) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
692
692
|
|
|
693
|
-
<a id="
|
|
693
|
+
<a id="algorithms-54e57d"></a>• [`custom_hash_algorithms`](#algorithms-54e57d) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-54e57d) below.
|
|
694
694
|
|
|
695
|
-
<a id="
|
|
695
|
+
<a id="spec-674aab"></a>• [`description_spec`](#spec-674aab) - Optional String<br>Description. Description for the certificate
|
|
696
696
|
|
|
697
|
-
<a id="
|
|
697
|
+
<a id="stapling-2445e8"></a>• [`disable_ocsp_stapling`](#stapling-2445e8) - Optional Block<br>Enable this option
|
|
698
698
|
|
|
699
|
-
<a id="
|
|
699
|
+
<a id="key-f51e15"></a>• [`private_key`](#key-f51e15) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-f51e15) below.
|
|
700
700
|
|
|
701
|
-
<a id="
|
|
701
|
+
<a id="defaults-bb55aa"></a>• [`use_system_defaults`](#defaults-bb55aa) - Optional Block<br>Enable this option
|
|
702
702
|
|
|
703
703
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Custom Hash Algorithms
|
|
704
704
|
|
|
705
|
-
A [`custom_hash_algorithms`](#
|
|
705
|
+
A [`custom_hash_algorithms`](#algorithms-54e57d) block (within [`https_management.advertise_on_slo_sli.tls_certificates`](#certificates-b923c1)) supports the following:
|
|
706
706
|
|
|
707
|
-
<a id="
|
|
707
|
+
<a id="algorithms-c29f03"></a>• [`hash_algorithms`](#algorithms-c29f03) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
708
708
|
|
|
709
709
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Private Key
|
|
710
710
|
|
|
711
|
-
A [`private_key`](#
|
|
711
|
+
A [`private_key`](#key-f51e15) block (within [`https_management.advertise_on_slo_sli.tls_certificates`](#certificates-b923c1)) supports the following:
|
|
712
712
|
|
|
713
|
-
<a id="
|
|
713
|
+
<a id="info-4c3e9e"></a>• [`blindfold_secret_info`](#info-4c3e9e) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-4c3e9e) below.
|
|
714
714
|
|
|
715
|
-
<a id="
|
|
715
|
+
<a id="info-0591f3"></a>• [`clear_secret_info`](#info-0591f3) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-0591f3) below.
|
|
716
716
|
|
|
717
717
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Private Key Blindfold Secret Info
|
|
718
718
|
|
|
719
|
-
A [`blindfold_secret_info`](#
|
|
719
|
+
A [`blindfold_secret_info`](#info-4c3e9e) block (within [`https_management.advertise_on_slo_sli.tls_certificates.private_key`](#key-f51e15)) supports the following:
|
|
720
720
|
|
|
721
|
-
<a id="
|
|
721
|
+
<a id="provider-77378b"></a>• [`decryption_provider`](#provider-77378b) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
722
722
|
|
|
723
|
-
<a id="
|
|
723
|
+
<a id="location-6e8882"></a>• [`location`](#location-6e8882) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
724
724
|
|
|
725
|
-
<a id="
|
|
725
|
+
<a id="provider-23e4a9"></a>• [`store_provider`](#provider-23e4a9) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
726
726
|
|
|
727
727
|
#### HTTPS Management Advertise On Slo SLI TLS Certificates Private Key Clear Secret Info
|
|
728
728
|
|
|
729
|
-
A [`clear_secret_info`](#
|
|
729
|
+
A [`clear_secret_info`](#info-0591f3) block (within [`https_management.advertise_on_slo_sli.tls_certificates.private_key`](#key-f51e15)) supports the following:
|
|
730
730
|
|
|
731
|
-
<a id="
|
|
731
|
+
<a id="ref-2692e5"></a>• [`provider_ref`](#ref-2692e5) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
732
732
|
|
|
733
|
-
<a id="
|
|
733
|
+
<a id="url-9ede10"></a>• [`url`](#url-9ede10) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
734
734
|
|
|
735
735
|
#### HTTPS Management Advertise On Slo SLI TLS Config
|
|
736
736
|
|
|
737
|
-
A [`tls_config`](#
|
|
737
|
+
A [`tls_config`](#config-2cd93f) block (within [`https_management.advertise_on_slo_sli`](#https-management-advertise-on-slo-sli)) supports the following:
|
|
738
738
|
|
|
739
|
-
<a id="
|
|
739
|
+
<a id="security-57cb09"></a>• [`custom_security`](#security-57cb09) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-57cb09) below.
|
|
740
740
|
|
|
741
|
-
<a id="
|
|
741
|
+
<a id="security-66b767"></a>• [`default_security`](#security-66b767) - Optional Block<br>Enable this option
|
|
742
742
|
|
|
743
|
-
<a id="
|
|
743
|
+
<a id="security-bc0213"></a>• [`low_security`](#security-bc0213) - Optional Block<br>Enable this option
|
|
744
744
|
|
|
745
|
-
<a id="
|
|
745
|
+
<a id="security-23b628"></a>• [`medium_security`](#security-23b628) - Optional Block<br>Enable this option
|
|
746
746
|
|
|
747
747
|
#### HTTPS Management Advertise On Slo SLI TLS Config Custom Security
|
|
748
748
|
|
|
749
|
-
A [`custom_security`](#
|
|
749
|
+
A [`custom_security`](#security-57cb09) block (within [`https_management.advertise_on_slo_sli.tls_config`](#config-2cd93f)) supports the following:
|
|
750
750
|
|
|
751
|
-
<a id="
|
|
751
|
+
<a id="suites-17c459"></a>• [`cipher_suites`](#suites-17c459) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
752
752
|
|
|
753
|
-
<a id="
|
|
753
|
+
<a id="version-941401"></a>• [`max_version`](#version-941401) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
754
754
|
|
|
755
|
-
<a id="
|
|
755
|
+
<a id="version-cc08f5"></a>• [`min_version`](#version-cc08f5) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
756
756
|
|
|
757
757
|
#### HTTPS Management Advertise On Slo SLI Use mTLS
|
|
758
758
|
|
|
759
|
-
An [`use_mtls`](#
|
|
759
|
+
An [`use_mtls`](#mtls-b8036a) block (within [`https_management.advertise_on_slo_sli`](#https-management-advertise-on-slo-sli)) supports the following:
|
|
760
760
|
|
|
761
|
-
<a id="
|
|
761
|
+
<a id="optional-c1d942"></a>• [`client_certificate_optional`](#optional-c1d942) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
762
762
|
|
|
763
|
-
<a id="
|
|
763
|
+
<a id="crl-341796"></a>• [`crl`](#crl-341796) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-341796) below.
|
|
764
764
|
|
|
765
|
-
<a id="
|
|
765
|
+
<a id="crl-438487"></a>• [`no_crl`](#crl-438487) - Optional Block<br>Enable this option
|
|
766
766
|
|
|
767
|
-
<a id="
|
|
767
|
+
<a id="trusted-ca-baa118"></a>• [`trusted_ca`](#trusted-ca-baa118) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-baa118) below.
|
|
768
768
|
|
|
769
|
-
<a id="
|
|
769
|
+
<a id="url-379c50"></a>• [`trusted_ca_url`](#url-379c50) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
770
770
|
|
|
771
|
-
<a id="
|
|
771
|
+
<a id="disabled-d3e7d3"></a>• [`xfcc_disabled`](#disabled-d3e7d3) - Optional Block<br>Enable this option
|
|
772
772
|
|
|
773
|
-
<a id="
|
|
773
|
+
<a id="options-375329"></a>• [`xfcc_options`](#options-375329) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-375329) below.
|
|
774
774
|
|
|
775
775
|
#### HTTPS Management Advertise On Slo SLI Use mTLS CRL
|
|
776
776
|
|
|
777
|
-
A [`crl`](#
|
|
777
|
+
A [`crl`](#crl-341796) block (within [`https_management.advertise_on_slo_sli.use_mtls`](#mtls-b8036a)) supports the following:
|
|
778
778
|
|
|
779
|
-
<a id="
|
|
779
|
+
<a id="name-58addb"></a>• [`name`](#name-58addb) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
780
780
|
|
|
781
|
-
<a id="
|
|
781
|
+
<a id="namespace-cc6b41"></a>• [`namespace`](#namespace-cc6b41) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
782
782
|
|
|
783
|
-
<a id="
|
|
783
|
+
<a id="tenant-9a7435"></a>• [`tenant`](#tenant-9a7435) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
784
784
|
|
|
785
785
|
#### HTTPS Management Advertise On Slo SLI Use mTLS Trusted CA
|
|
786
786
|
|
|
787
|
-
A [`trusted_ca`](#
|
|
787
|
+
A [`trusted_ca`](#trusted-ca-baa118) block (within [`https_management.advertise_on_slo_sli.use_mtls`](#mtls-b8036a)) supports the following:
|
|
788
788
|
|
|
789
|
-
<a id="
|
|
789
|
+
<a id="name-db371b"></a>• [`name`](#name-db371b) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
790
790
|
|
|
791
|
-
<a id="
|
|
791
|
+
<a id="namespace-57369f"></a>• [`namespace`](#namespace-57369f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
792
792
|
|
|
793
|
-
<a id="
|
|
793
|
+
<a id="tenant-e6475c"></a>• [`tenant`](#tenant-e6475c) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
794
794
|
|
|
795
795
|
#### HTTPS Management Advertise On Slo SLI Use mTLS Xfcc Options
|
|
796
796
|
|
|
797
|
-
A [`xfcc_options`](#
|
|
797
|
+
A [`xfcc_options`](#options-375329) block (within [`https_management.advertise_on_slo_sli.use_mtls`](#mtls-b8036a)) supports the following:
|
|
798
798
|
|
|
799
|
-
<a id="
|
|
799
|
+
<a id="elements-c28be3"></a>• [`xfcc_header_elements`](#elements-c28be3) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
800
800
|
|
|
801
801
|
#### HTTPS Management Advertise On Slo VIP
|
|
802
802
|
|
|
803
803
|
An [`advertise_on_slo_vip`](#https-management-advertise-on-slo-vip) block (within [`https_management`](#https-management)) supports the following:
|
|
804
804
|
|
|
805
|
-
<a id="
|
|
805
|
+
<a id="mtls-476751"></a>• [`no_mtls`](#mtls-476751) - Optional Block<br>Enable this option
|
|
806
806
|
|
|
807
|
-
<a id="
|
|
807
|
+
<a id="certificates-49cf23"></a>• [`tls_certificates`](#certificates-49cf23) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-49cf23) below.
|
|
808
808
|
|
|
809
|
-
<a id="
|
|
809
|
+
<a id="config-eb7c38"></a>• [`tls_config`](#config-eb7c38) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-eb7c38) below.
|
|
810
810
|
|
|
811
|
-
<a id="
|
|
811
|
+
<a id="mtls-85e7e5"></a>• [`use_mtls`](#mtls-85e7e5) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-85e7e5) below.
|
|
812
812
|
|
|
813
813
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates
|
|
814
814
|
|
|
815
|
-
A [`tls_certificates`](#
|
|
815
|
+
A [`tls_certificates`](#certificates-49cf23) block (within [`https_management.advertise_on_slo_vip`](#https-management-advertise-on-slo-vip)) supports the following:
|
|
816
816
|
|
|
817
|
-
<a id="
|
|
817
|
+
<a id="url-ba483c"></a>• [`certificate_url`](#url-ba483c) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
818
818
|
|
|
819
|
-
<a id="
|
|
819
|
+
<a id="algorithms-e4042d"></a>• [`custom_hash_algorithms`](#algorithms-e4042d) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-e4042d) below.
|
|
820
820
|
|
|
821
|
-
<a id="
|
|
821
|
+
<a id="spec-8a3b62"></a>• [`description_spec`](#spec-8a3b62) - Optional String<br>Description. Description for the certificate
|
|
822
822
|
|
|
823
|
-
<a id="
|
|
823
|
+
<a id="stapling-ba3445"></a>• [`disable_ocsp_stapling`](#stapling-ba3445) - Optional Block<br>Enable this option
|
|
824
824
|
|
|
825
|
-
<a id="
|
|
825
|
+
<a id="key-5c1b57"></a>• [`private_key`](#key-5c1b57) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-5c1b57) below.
|
|
826
826
|
|
|
827
|
-
<a id="
|
|
827
|
+
<a id="defaults-81b355"></a>• [`use_system_defaults`](#defaults-81b355) - Optional Block<br>Enable this option
|
|
828
828
|
|
|
829
829
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Custom Hash Algorithms
|
|
830
830
|
|
|
831
|
-
A [`custom_hash_algorithms`](#
|
|
831
|
+
A [`custom_hash_algorithms`](#algorithms-e4042d) block (within [`https_management.advertise_on_slo_vip.tls_certificates`](#certificates-49cf23)) supports the following:
|
|
832
832
|
|
|
833
|
-
<a id="
|
|
833
|
+
<a id="algorithms-ba763b"></a>• [`hash_algorithms`](#algorithms-ba763b) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
834
834
|
|
|
835
835
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Private Key
|
|
836
836
|
|
|
837
|
-
A [`private_key`](#
|
|
837
|
+
A [`private_key`](#key-5c1b57) block (within [`https_management.advertise_on_slo_vip.tls_certificates`](#certificates-49cf23)) supports the following:
|
|
838
838
|
|
|
839
|
-
<a id="
|
|
839
|
+
<a id="info-2120cd"></a>• [`blindfold_secret_info`](#info-2120cd) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-2120cd) below.
|
|
840
840
|
|
|
841
|
-
<a id="
|
|
841
|
+
<a id="info-915c8d"></a>• [`clear_secret_info`](#info-915c8d) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-915c8d) below.
|
|
842
842
|
|
|
843
843
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Private Key Blindfold Secret Info
|
|
844
844
|
|
|
845
|
-
A [`blindfold_secret_info`](#
|
|
845
|
+
A [`blindfold_secret_info`](#info-2120cd) block (within [`https_management.advertise_on_slo_vip.tls_certificates.private_key`](#key-5c1b57)) supports the following:
|
|
846
846
|
|
|
847
|
-
<a id="
|
|
847
|
+
<a id="provider-51ffab"></a>• [`decryption_provider`](#provider-51ffab) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
848
848
|
|
|
849
|
-
<a id="
|
|
849
|
+
<a id="location-d426d5"></a>• [`location`](#location-d426d5) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
850
850
|
|
|
851
|
-
<a id="
|
|
851
|
+
<a id="provider-080ee2"></a>• [`store_provider`](#provider-080ee2) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
852
852
|
|
|
853
853
|
#### HTTPS Management Advertise On Slo VIP TLS Certificates Private Key Clear Secret Info
|
|
854
854
|
|
|
855
|
-
A [`clear_secret_info`](#
|
|
855
|
+
A [`clear_secret_info`](#info-915c8d) block (within [`https_management.advertise_on_slo_vip.tls_certificates.private_key`](#key-5c1b57)) supports the following:
|
|
856
856
|
|
|
857
|
-
<a id="
|
|
857
|
+
<a id="ref-e449ae"></a>• [`provider_ref`](#ref-e449ae) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
858
858
|
|
|
859
|
-
<a id="
|
|
859
|
+
<a id="url-a017e0"></a>• [`url`](#url-a017e0) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
860
860
|
|
|
861
861
|
#### HTTPS Management Advertise On Slo VIP TLS Config
|
|
862
862
|
|
|
863
|
-
A [`tls_config`](#
|
|
863
|
+
A [`tls_config`](#config-eb7c38) block (within [`https_management.advertise_on_slo_vip`](#https-management-advertise-on-slo-vip)) supports the following:
|
|
864
864
|
|
|
865
|
-
<a id="
|
|
865
|
+
<a id="security-0bffe9"></a>• [`custom_security`](#security-0bffe9) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-0bffe9) below.
|
|
866
866
|
|
|
867
|
-
<a id="
|
|
867
|
+
<a id="security-37fb06"></a>• [`default_security`](#security-37fb06) - Optional Block<br>Enable this option
|
|
868
868
|
|
|
869
|
-
<a id="
|
|
869
|
+
<a id="security-9296e2"></a>• [`low_security`](#security-9296e2) - Optional Block<br>Enable this option
|
|
870
870
|
|
|
871
|
-
<a id="
|
|
871
|
+
<a id="security-cfb564"></a>• [`medium_security`](#security-cfb564) - Optional Block<br>Enable this option
|
|
872
872
|
|
|
873
873
|
#### HTTPS Management Advertise On Slo VIP TLS Config Custom Security
|
|
874
874
|
|
|
875
|
-
A [`custom_security`](#
|
|
875
|
+
A [`custom_security`](#security-0bffe9) block (within [`https_management.advertise_on_slo_vip.tls_config`](#config-eb7c38)) supports the following:
|
|
876
876
|
|
|
877
|
-
<a id="
|
|
877
|
+
<a id="suites-f86936"></a>• [`cipher_suites`](#suites-f86936) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
878
878
|
|
|
879
|
-
<a id="
|
|
879
|
+
<a id="version-b8932f"></a>• [`max_version`](#version-b8932f) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
880
880
|
|
|
881
|
-
<a id="
|
|
881
|
+
<a id="version-84a755"></a>• [`min_version`](#version-84a755) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
882
882
|
|
|
883
883
|
#### HTTPS Management Advertise On Slo VIP Use mTLS
|
|
884
884
|
|
|
885
|
-
An [`use_mtls`](#
|
|
885
|
+
An [`use_mtls`](#mtls-85e7e5) block (within [`https_management.advertise_on_slo_vip`](#https-management-advertise-on-slo-vip)) supports the following:
|
|
886
886
|
|
|
887
|
-
<a id="
|
|
887
|
+
<a id="optional-ceba52"></a>• [`client_certificate_optional`](#optional-ceba52) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
888
888
|
|
|
889
|
-
<a id="
|
|
889
|
+
<a id="crl-35cfce"></a>• [`crl`](#crl-35cfce) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-35cfce) below.
|
|
890
890
|
|
|
891
|
-
<a id="
|
|
891
|
+
<a id="crl-80dcbd"></a>• [`no_crl`](#crl-80dcbd) - Optional Block<br>Enable this option
|
|
892
892
|
|
|
893
|
-
<a id="
|
|
893
|
+
<a id="trusted-ca-eefedc"></a>• [`trusted_ca`](#trusted-ca-eefedc) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-eefedc) below.
|
|
894
894
|
|
|
895
|
-
<a id="
|
|
895
|
+
<a id="url-478a70"></a>• [`trusted_ca_url`](#url-478a70) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
896
896
|
|
|
897
|
-
<a id="
|
|
897
|
+
<a id="disabled-2827c4"></a>• [`xfcc_disabled`](#disabled-2827c4) - Optional Block<br>Enable this option
|
|
898
898
|
|
|
899
|
-
<a id="
|
|
899
|
+
<a id="options-564de6"></a>• [`xfcc_options`](#options-564de6) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-564de6) below.
|
|
900
900
|
|
|
901
901
|
#### HTTPS Management Advertise On Slo VIP Use mTLS CRL
|
|
902
902
|
|
|
903
|
-
A [`crl`](#
|
|
903
|
+
A [`crl`](#crl-35cfce) block (within [`https_management.advertise_on_slo_vip.use_mtls`](#mtls-85e7e5)) supports the following:
|
|
904
904
|
|
|
905
|
-
<a id="
|
|
905
|
+
<a id="name-9593de"></a>• [`name`](#name-9593de) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
906
906
|
|
|
907
|
-
<a id="
|
|
907
|
+
<a id="namespace-dd54d0"></a>• [`namespace`](#namespace-dd54d0) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
908
908
|
|
|
909
|
-
<a id="
|
|
909
|
+
<a id="tenant-d019a6"></a>• [`tenant`](#tenant-d019a6) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
910
910
|
|
|
911
911
|
#### HTTPS Management Advertise On Slo VIP Use mTLS Trusted CA
|
|
912
912
|
|
|
913
|
-
A [`trusted_ca`](#
|
|
913
|
+
A [`trusted_ca`](#trusted-ca-eefedc) block (within [`https_management.advertise_on_slo_vip.use_mtls`](#mtls-85e7e5)) supports the following:
|
|
914
914
|
|
|
915
|
-
<a id="
|
|
915
|
+
<a id="name-eea57c"></a>• [`name`](#name-eea57c) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
916
916
|
|
|
917
|
-
<a id="
|
|
917
|
+
<a id="namespace-121754"></a>• [`namespace`](#namespace-121754) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
918
918
|
|
|
919
|
-
<a id="
|
|
919
|
+
<a id="tenant-7e45d7"></a>• [`tenant`](#tenant-7e45d7) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
920
920
|
|
|
921
921
|
#### HTTPS Management Advertise On Slo VIP Use mTLS Xfcc Options
|
|
922
922
|
|
|
923
|
-
A [`xfcc_options`](#
|
|
923
|
+
A [`xfcc_options`](#options-564de6) block (within [`https_management.advertise_on_slo_vip.use_mtls`](#mtls-85e7e5)) supports the following:
|
|
924
924
|
|
|
925
|
-
<a id="
|
|
925
|
+
<a id="elements-b77b32"></a>• [`xfcc_header_elements`](#elements-b77b32) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
926
926
|
|
|
927
927
|
#### Timeouts
|
|
928
928
|
|