@robinmordasiewicz/f5xc-terraform-mcp 2.4.6 → 2.4.8
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/child_tenant.md +2 -2
- package/dist/docs/resources/cloud_connect.md +35 -35
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +24 -877
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -220,77 +220,77 @@ A [`cookie_params`](#authentication-cookie-params) block (within [`authenticatio
|
|
|
220
220
|
|
|
221
221
|
<a id="authentication-cookie-params-auth-hmac"></a>• [`auth_hmac`](#authentication-cookie-params-auth-hmac) - Optional Block<br>HMAC Key Pair. HMAC primary and secondary keys to be used for hashing the Cookie. Each key also have an associated expiry timestamp, beyond which key is invalid<br>See [Auth HMAC](#authentication-cookie-params-auth-hmac) below.
|
|
222
222
|
|
|
223
|
-
<a id="
|
|
223
|
+
<a id="expiry-adfc80"></a>• [`cookie_expiry`](#expiry-adfc80) - Optional Number<br>Cookie Expiry duration. specifies in seconds max duration of the allocated cookie. This maps to “Max-Age” attribute in the session cookie. This will act as an expiry duration on the client side after which client will not be setting the cookie as part of the request. Default cookie expiry is 3600 seconds
|
|
224
224
|
|
|
225
|
-
<a id="
|
|
225
|
+
<a id="interval-13cbce"></a>• [`cookie_refresh_interval`](#interval-13cbce) - Optional Number<br>Cookie Refresh Interval. Specifies in seconds refresh interval for session cookie. This is used to keep the active user active and reduce RE-login. When an incoming cookie's session expiry is still valid, and time to expire falls behind this interval, RE-issue a cookie with new expiry and with the same original session expiry. Default refresh interval is 3000 seconds
|
|
226
226
|
|
|
227
|
-
<a id="
|
|
227
|
+
<a id="hmac-2097df"></a>• [`kms_key_hmac`](#hmac-2097df) - Optional Block<br>KMS Key Reference. Reference to KMS Key Object
|
|
228
228
|
|
|
229
|
-
<a id="
|
|
229
|
+
<a id="expiry-0b152c"></a>• [`session_expiry`](#expiry-0b152c) - Optional Number<br>Session Expiry duration. specifies in seconds max lifetime of an authenticated session after which the user will be forced to login again. Default session expiry is 86400 seconds(24 hours)
|
|
230
230
|
|
|
231
231
|
#### Authentication Cookie Params Auth HMAC
|
|
232
232
|
|
|
233
233
|
An [`auth_hmac`](#authentication-cookie-params-auth-hmac) block (within [`authentication.cookie_params`](#authentication-cookie-params)) supports the following:
|
|
234
234
|
|
|
235
|
-
<a id="
|
|
235
|
+
<a id="key-cec38f"></a>• [`prim_key`](#key-cec38f) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Prim Key](#key-cec38f) below.
|
|
236
236
|
|
|
237
|
-
<a id="
|
|
237
|
+
<a id="expiry-982334"></a>• [`prim_key_expiry`](#expiry-982334) - Optional String<br>HMAC Primary Key Expiry. Primary HMAC Key Expiry time
|
|
238
238
|
|
|
239
|
-
<a id="
|
|
239
|
+
<a id="key-f289cf"></a>• [`sec_key`](#key-f289cf) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Sec Key](#key-f289cf) below.
|
|
240
240
|
|
|
241
|
-
<a id="
|
|
241
|
+
<a id="expiry-6c8703"></a>• [`sec_key_expiry`](#expiry-6c8703) - Optional String<br>HMAC Secondary Key Expiry. Secondary HMAC Key Expiry time
|
|
242
242
|
|
|
243
243
|
#### Authentication Cookie Params Auth HMAC Prim Key
|
|
244
244
|
|
|
245
|
-
A [`prim_key`](#
|
|
245
|
+
A [`prim_key`](#key-cec38f) block (within [`authentication.cookie_params.auth_hmac`](#authentication-cookie-params-auth-hmac)) supports the following:
|
|
246
246
|
|
|
247
|
-
<a id="
|
|
247
|
+
<a id="info-51af12"></a>• [`blindfold_secret_info`](#info-51af12) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-51af12) below.
|
|
248
248
|
|
|
249
|
-
<a id="
|
|
249
|
+
<a id="info-fb9b06"></a>• [`clear_secret_info`](#info-fb9b06) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-fb9b06) below.
|
|
250
250
|
|
|
251
251
|
#### Authentication Cookie Params Auth HMAC Prim Key Blindfold Secret Info
|
|
252
252
|
|
|
253
|
-
A [`blindfold_secret_info`](#
|
|
253
|
+
A [`blindfold_secret_info`](#info-51af12) block (within [`authentication.cookie_params.auth_hmac.prim_key`](#key-cec38f)) supports the following:
|
|
254
254
|
|
|
255
|
-
<a id="
|
|
255
|
+
<a id="provider-eeb447"></a>• [`decryption_provider`](#provider-eeb447) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
256
256
|
|
|
257
|
-
<a id="
|
|
257
|
+
<a id="location-a494d6"></a>• [`location`](#location-a494d6) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
258
258
|
|
|
259
|
-
<a id="
|
|
259
|
+
<a id="provider-a9048f"></a>• [`store_provider`](#provider-a9048f) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
260
260
|
|
|
261
261
|
#### Authentication Cookie Params Auth HMAC Prim Key Clear Secret Info
|
|
262
262
|
|
|
263
|
-
A [`clear_secret_info`](#
|
|
263
|
+
A [`clear_secret_info`](#info-fb9b06) block (within [`authentication.cookie_params.auth_hmac.prim_key`](#key-cec38f)) supports the following:
|
|
264
264
|
|
|
265
|
-
<a id="
|
|
265
|
+
<a id="ref-1927df"></a>• [`provider_ref`](#ref-1927df) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
266
266
|
|
|
267
|
-
<a id="
|
|
267
|
+
<a id="url-868594"></a>• [`url`](#url-868594) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
268
268
|
|
|
269
269
|
#### Authentication Cookie Params Auth HMAC Sec Key
|
|
270
270
|
|
|
271
|
-
A [`sec_key`](#
|
|
271
|
+
A [`sec_key`](#key-f289cf) block (within [`authentication.cookie_params.auth_hmac`](#authentication-cookie-params-auth-hmac)) supports the following:
|
|
272
272
|
|
|
273
|
-
<a id="
|
|
273
|
+
<a id="info-07eb40"></a>• [`blindfold_secret_info`](#info-07eb40) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-07eb40) below.
|
|
274
274
|
|
|
275
|
-
<a id="
|
|
275
|
+
<a id="info-f63518"></a>• [`clear_secret_info`](#info-f63518) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-f63518) below.
|
|
276
276
|
|
|
277
277
|
#### Authentication Cookie Params Auth HMAC Sec Key Blindfold Secret Info
|
|
278
278
|
|
|
279
|
-
A [`blindfold_secret_info`](#
|
|
279
|
+
A [`blindfold_secret_info`](#info-07eb40) block (within [`authentication.cookie_params.auth_hmac.sec_key`](#key-f289cf)) supports the following:
|
|
280
280
|
|
|
281
|
-
<a id="
|
|
281
|
+
<a id="provider-57d865"></a>• [`decryption_provider`](#provider-57d865) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
282
282
|
|
|
283
|
-
<a id="
|
|
283
|
+
<a id="location-4e56d1"></a>• [`location`](#location-4e56d1) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
284
284
|
|
|
285
|
-
<a id="
|
|
285
|
+
<a id="provider-d7613c"></a>• [`store_provider`](#provider-d7613c) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
286
286
|
|
|
287
287
|
#### Authentication Cookie Params Auth HMAC Sec Key Clear Secret Info
|
|
288
288
|
|
|
289
|
-
A [`clear_secret_info`](#
|
|
289
|
+
A [`clear_secret_info`](#info-f63518) block (within [`authentication.cookie_params.auth_hmac.sec_key`](#key-f289cf)) supports the following:
|
|
290
290
|
|
|
291
|
-
<a id="
|
|
291
|
+
<a id="ref-f80e6a"></a>• [`provider_ref`](#ref-f80e6a) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
292
292
|
|
|
293
|
-
<a id="
|
|
293
|
+
<a id="url-b9e8aa"></a>• [`url`](#url-b9e8aa) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
294
294
|
|
|
295
295
|
#### Buffer Policy
|
|
296
296
|
|
|
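Review bot: The replacement ids on the `+` lines (`expiry-adfc80`, `key-cec38f`, `info-51af12`, `info-07eb40`) no longer name the block they belong to, while the untouched lines in this same hunk keep path-style ids such as `authentication-cookie-params-auth-hmac`. The two `blindfold_secret_info` entries under `prim_key` and `sec_key` now differ only by an opaque suffix, so the fragment alone no longer tells a reader which key it documents. Suggest either keeping a readable prefix in front of the suffix or documenting how the suffix is derived, so deep links stay stable between releases. Separately, the `cookie_refresh_interval` text reads "reduce RE-login" and "RE-issue a cookie", which looks like an acronym-casing pass applied to ordinary words; these should be "re-login" and "re-issue".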
@@ -324,9 +324,9 @@ A [`compression_params`](#compression-params) block supports the following:
|
|
|
324
324
|
|
|
325
325
|
<a id="compression-params-content-type"></a>• [`content_type`](#compression-params-content-type) - Optional List<br>Content Type. Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: 'application/javascript' 'application/JSON', 'application/xhtml+XML' 'image/svg+XML' 'text/CSS' 'text/HTML' 'text/plain' 'text/XML'
|
|
326
326
|
|
|
327
|
-
<a id="
|
|
327
|
+
<a id="header-37dbb1"></a>• [`disable_on_etag_header`](#header-37dbb1) - Optional Bool<br>Disable On Etag Header. If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed
|
|
328
328
|
|
|
329
|
-
<a id="
|
|
329
|
+
<a id="header-c186ee"></a>• [`remove_accept_encoding_header`](#header-c186ee) - Optional Bool<br>Remove Accept-Encoding Header. If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not get compressed before reaching the filter
|
|
330
330
|
|
|
331
331
|
#### CORS Policy
|
|
332
332
|
|
|
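Review bot: The default mime-type list on the unchanged `content_type` line is written as 'application/JSON', 'application/xhtml+XML', 'image/svg+XML', 'text/CSS', 'text/HTML' and 'text/XML', which is not how these types are normally spelled and is likely to be copied verbatim into configurations. Since the two neighbouring lines are being regenerated anyway, lower-case the subtypes (`application/json`, `text/html` and so on) and write the header name as `ETag` in the `disable_on_etag_header` description. That description also explains only the `true` and `false` cases; it should say which one applies when the field is omitted.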
@@ -368,55 +368,55 @@ A [`custom_domain_list`](#csrf-policy-custom-domain-list) block (within [`csrf_p
|
|
|
368
368
|
|
|
369
369
|
A [`dynamic_reverse_proxy`](#dynamic-reverse-proxy) block supports the following:
|
|
370
370
|
|
|
371
|
-
<a id="
|
|
371
|
+
<a id="timeout-627d8e"></a>• [`connection_timeout`](#timeout-627d8e) - Optional Number Defaults to `2000` Specified in milliseconds<br>Connection Timeout. The timeout for new network connections to upstream server. The (2 seconds)
|
|
372
372
|
|
|
373
|
-
<a id="
|
|
373
|
+
<a id="network-fd11f9"></a>• [`resolution_network`](#network-fd11f9) - Optional Block<br>Resolution Network. Reference to virtual network where the endpoint is resolved. Reference is valid only when the network type is VIRTUAL_NETWORK_PER_SITE or VIRTUAL_NETWORK_GLOBAL. It is ignored for all other network types<br>See [Resolution Network](#network-fd11f9) below.
|
|
374
374
|
|
|
375
|
-
<a id="
|
|
375
|
+
<a id="type-42c5dd"></a>• [`resolution_network_type`](#type-42c5dd) - Optional String Defaults to `VIRTUAL_NETWORK_SITE_LOCAL`<br>Possible values are `VIRTUAL_NETWORK_SITE_LOCAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE`, `VIRTUAL_NETWORK_PER_SITE`, `VIRTUAL_NETWORK_PUBLIC`, `VIRTUAL_NETWORK_GLOBAL`, `VIRTUAL_NETWORK_SITE_SERVICE`, `VIRTUAL_NETWORK_VER_INTERNAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE`, `VIRTUAL_NETWORK_IP_AUTO`, `VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK`, `VIRTUAL_NETWORK_SRV6_NETWORK`, `VIRTUAL_NETWORK_IP_FABRIC`, `VIRTUAL_NETWORK_SEGMENT`<br>[Enum: VIRTUAL_NETWORK_SITE_LOCAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE|VIRTUAL_NETWORK_PER_SITE|VIRTUAL_NETWORK_PUBLIC|VIRTUAL_NETWORK_GLOBAL|VIRTUAL_NETWORK_SITE_SERVICE|VIRTUAL_NETWORK_VER_INTERNAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE|VIRTUAL_NETWORK_IP_AUTO|VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK|VIRTUAL_NETWORK_SRV6_NETWORK|VIRTUAL_NETWORK_IP_FABRIC|VIRTUAL_NETWORK_SEGMENT] Virtual Network Type. Different types of virtual networks understood by the system Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL provides connectivity to public (outside) network. This is an insecure network and is connected to public internet via NAT Gateways/firwalls Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created automatically and present on all sites Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE is a private network inside site. It is a secure network and is not connected to public network. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. 
This network is created during provisioning of site User defined per-site virtual network. Scope of this virtual network is limited to the site. This is not yet supported Virtual-network of type VIRTUAL_NETWORK_PUBLIC directly conects to the public internet. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on RE sites only It is an internally created by the system. They must not be created by user Virtual Neworks with global scope across different sites in F5XC domain. An example global virtual-network called 'AIN Network' is created for every tenant. for volterra fabric Constraints: It is currently only supported as internally created by the system. vK8s service network for a given tenant. Used to advertise a virtual host only to vk8s pods for that tenant Constraints: It is an internally created by the system. Must not be created by user VER internal network for the site. It can only be used for virtual hosts with SMA_PROXY type proxy Constraints: It is an internally created by the system. Must not be created by user Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE represents both VIRTUAL_NETWORK_SITE_LOCAL and VIRTUAL_NETWORK_SITE_LOCAL_INSIDE Constraints: This network type is only meaningful in an advertise policy When virtual-network of type VIRTUAL_NETWORK_IP_AUTO is selected for an endpoint, VER will try to determine the network based on the provided IP address Constraints: This network type is only meaningful in an endpoint VoltADN Private Network is used on volterra RE(s) to connect to customer private networks This network is created by opening a support ticket This network is per site srv6 network VER IP Fabric network for the site. 
This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network Constraints: It is an internally created by the system. Must not be created by user Network internally created for a segment Constraints: It is an internally created by the system. Must not be created by user
|
|
376
376
|
|
|
377
|
-
<a id="
|
|
377
|
+
<a id="dynamically-2caac9"></a>• [`resolve_endpoint_dynamically`](#dynamically-2caac9) - Optional Bool<br>Dynamic Endpoint Resolution. x-example : true In this mode of proxy, virtual host will resolve the destination endpoint dynamically. The dynamic resolution is done using a predefined field in the request. This predefined field depends on the ProxyType configured on the Virtual Host. For HTTP traffic, i.e. with ProxyType as HTTP_PROXY or HTTPS_PROXY, virtual host will use the 'HOST' HTTP header from the request and perform DNS resolution to select destination endpoint. For TCP traffic with SNI, (If the ProxyType is TCP_PROXY_WITH_SNI), virtual host will perform DNS resolution using the SNI. The DNS resolution is performed in the virtual network specified in outside_network_type or outside_network In both modes of operation(either using Host header or SNI), the DNS resolution could return multiple addresses. First IPv4 address from such returned list is used as endpoint for the request. The DNS response is cached for 60s by default
|
|
378
378
|
|
|
379
379
|
#### Dynamic Reverse Proxy Resolution Network
|
|
380
380
|
|
|
381
|
-
A [`resolution_network`](#
|
|
381
|
+
A [`resolution_network`](#network-fd11f9) block (within [`dynamic_reverse_proxy`](#dynamic-reverse-proxy)) supports the following:
|
|
382
382
|
|
|
383
|
-
<a id="
|
|
383
|
+
<a id="kind-b4600a"></a>• [`kind`](#kind-b4600a) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
384
384
|
|
|
385
|
-
<a id="
|
|
385
|
+
<a id="name-30f08c"></a>• [`name`](#name-30f08c) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
386
386
|
|
|
387
|
-
<a id="
|
|
387
|
+
<a id="namespace-8df863"></a>• [`namespace`](#namespace-8df863) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
388
388
|
|
|
389
|
-
<a id="
|
|
389
|
+
<a id="tenant-ab33db"></a>• [`tenant`](#tenant-ab33db) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
390
390
|
|
|
391
|
-
<a id="
|
|
391
|
+
<a id="uid-2ee5fb"></a>• [`uid`](#uid-2ee5fb) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
392
392
|
|
|
393
393
|
#### HTTP Protocol Options
|
|
394
394
|
|
|
395
395
|
A [`http_protocol_options`](#http-protocol-options) block supports the following:
|
|
396
396
|
|
|
397
|
-
<a id="
|
|
397
|
+
<a id="only-d91b7d"></a>• [`http_protocol_enable_v1_only`](#only-d91b7d) - Optional Block<br>HTTP/1.1 Protocol Options. HTTP/1.1 Protocol options for downstream connections<br>See [HTTP Protocol Enable V1 Only](#only-d91b7d) below.
|
|
398
398
|
|
|
399
|
-
<a id="
|
|
399
|
+
<a id="v1-v2-79c7b6"></a>• [`http_protocol_enable_v1_v2`](#v1-v2-79c7b6) - Optional Block<br>Enable this option
|
|
400
400
|
|
|
401
|
-
<a id="
|
|
401
|
+
<a id="only-e64b55"></a>• [`http_protocol_enable_v2_only`](#only-e64b55) - Optional Block<br>Enable this option
|
|
402
402
|
|
|
403
403
|
#### HTTP Protocol Options HTTP Protocol Enable V1 Only
|
|
404
404
|
|
|
405
|
-
A [`http_protocol_enable_v1_only`](#
|
|
405
|
+
A [`http_protocol_enable_v1_only`](#only-d91b7d) block (within [`http_protocol_options`](#http-protocol-options)) supports the following:
|
|
406
406
|
|
|
407
|
-
<a id="
|
|
407
|
+
<a id="transformation-e44133"></a>• [`header_transformation`](#transformation-e44133) - Optional Block<br>Header Transformation. Header Transformation options for HTTP/1.1 request/response headers<br>See [Header Transformation](#transformation-e44133) below.
|
|
408
408
|
|
|
409
409
|
#### HTTP Protocol Options HTTP Protocol Enable V1 Only Header Transformation
|
|
410
410
|
|
|
411
|
-
A [`header_transformation`](#
|
|
411
|
+
A [`header_transformation`](#transformation-e44133) block (within [`http_protocol_options.http_protocol_enable_v1_only`](#only-d91b7d)) supports the following:
|
|
412
412
|
|
|
413
|
-
<a id="
|
|
413
|
+
<a id="transformation-d957b9"></a>• [`default_header_transformation`](#transformation-d957b9) - Optional Block<br>Enable this option
|
|
414
414
|
|
|
415
|
-
<a id="
|
|
415
|
+
<a id="transformation-f5e991"></a>• [`legacy_header_transformation`](#transformation-f5e991) - Optional Block<br>Enable this option
|
|
416
416
|
|
|
417
|
-
<a id="
|
|
417
|
+
<a id="transformation-abce75"></a>• [`preserve_case_header_transformation`](#transformation-abce75) - Optional Block<br>Enable this option
|
|
418
418
|
|
|
419
|
-
<a id="
|
|
419
|
+
<a id="transformation-00bb40"></a>• [`proper_case_header_transformation`](#transformation-00bb40) - Optional Block<br>Enable this option
|
|
420
420
|
|
|
421
421
|
#### Js Challenge
|
|
422
422
|
|
|
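Review bot: The `resolve_endpoint_dynamically` description says DNS resolution happens "in the virtual network specified in outside_network_type or outside_network", but the fields this hunk lists for `dynamic_reverse_proxy` are `resolution_network` and `resolution_network_type`. Because the destination is derived from a request-supplied value (the Host header or the SNI), the reference should name the fields that actually bound where resolution takes place; please align the names. The same line carries a stray "x-example : true" schema annotation, the `connection_timeout` description stops mid-sentence at "The (2 seconds)", and the `resolution_network_type` line repeats the enum list twice before a run of unpunctuated per-value descriptions with typos ("firwalls", "atmost", "conects", "Neworks") that would read better as one bullet per value.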
@@ -458,27 +458,27 @@ A [`request_cookies_to_add`](#request-cookies-to-add) block supports the followi
|
|
|
458
458
|
|
|
459
459
|
A [`secret_value`](#request-cookies-to-add-secret-value) block (within [`request_cookies_to_add`](#request-cookies-to-add)) supports the following:
|
|
460
460
|
|
|
461
|
-
<a id="
|
|
461
|
+
<a id="info-f95f6c"></a>• [`blindfold_secret_info`](#info-f95f6c) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-f95f6c) below.
|
|
462
462
|
|
|
463
|
-
<a id="
|
|
463
|
+
<a id="info-fcb5d1"></a>• [`clear_secret_info`](#info-fcb5d1) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-fcb5d1) below.
|
|
464
464
|
|
|
465
465
|
#### Request Cookies To Add Secret Value Blindfold Secret Info
|
|
466
466
|
|
|
467
|
-
A [`blindfold_secret_info`](#
|
|
467
|
+
A [`blindfold_secret_info`](#info-f95f6c) block (within [`request_cookies_to_add.secret_value`](#request-cookies-to-add-secret-value)) supports the following:
|
|
468
468
|
|
|
469
|
-
<a id="
|
|
469
|
+
<a id="provider-1e9a96"></a>• [`decryption_provider`](#provider-1e9a96) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
470
470
|
|
|
471
|
-
<a id="
|
|
471
|
+
<a id="location-a7c694"></a>• [`location`](#location-a7c694) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
472
472
|
|
|
473
|
-
<a id="
|
|
473
|
+
<a id="provider-7f7b1b"></a>• [`store_provider`](#provider-7f7b1b) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
474
474
|
|
|
475
475
|
#### Request Cookies To Add Secret Value Clear Secret Info
|
|
476
476
|
|
|
477
|
-
A [`clear_secret_info`](#
|
|
477
|
+
A [`clear_secret_info`](#info-fcb5d1) block (within [`request_cookies_to_add.secret_value`](#request-cookies-to-add-secret-value)) supports the following:
|
|
478
478
|
|
|
479
|
-
<a id="
|
|
479
|
+
<a id="ref-61071c"></a>• [`provider_ref`](#ref-61071c) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
480
480
|
|
|
481
|
-
<a id="
|
|
481
|
+
<a id="url-c44b15"></a>• [`url`](#url-c44b15) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
482
482
|
|
|
483
483
|
#### Request Headers To Add
|
|
484
484
|
|
|
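Review bot: Under `clear_secret_info`, `provider_ref` is described as the object holding "information about the store to get encrypted bytes", which contradicts the block's own description of an in-clear secret "that is not encrypted" and appears to be carried over from `store_provider`. It is also said to be needed "only if the URL scheme is not string:///", while the `url` line gives string:/// as the currently supported scheme, so as written the field has no documented use. Suggest rewording `provider_ref` for the clear-text case or marking it as unused, and fixing the grammar of "Currently supported URL schemes is".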
@@ -496,27 +496,27 @@ A [`request_headers_to_add`](#request-headers-to-add) block supports the followi
|
|
|
496
496
|
|
|
497
497
|
A [`secret_value`](#request-headers-to-add-secret-value) block (within [`request_headers_to_add`](#request-headers-to-add)) supports the following:
|
|
498
498
|
|
|
499
|
-
<a id="
|
|
499
|
+
<a id="info-be8500"></a>• [`blindfold_secret_info`](#info-be8500) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-be8500) below.
|
|
500
500
|
|
|
501
|
-
<a id="
|
|
501
|
+
<a id="info-d2833c"></a>• [`clear_secret_info`](#info-d2833c) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-d2833c) below.
|
|
502
502
|
|
|
503
503
|
#### Request Headers To Add Secret Value Blindfold Secret Info
|
|
504
504
|
|
|
505
|
-
A [`blindfold_secret_info`](#
|
|
505
|
+
A [`blindfold_secret_info`](#info-be8500) block (within [`request_headers_to_add.secret_value`](#request-headers-to-add-secret-value)) supports the following:
|
|
506
506
|
|
|
507
|
-
<a id="
|
|
507
|
+
<a id="provider-064ccc"></a>• [`decryption_provider`](#provider-064ccc) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
508
508
|
|
|
509
|
-
<a id="
|
|
509
|
+
<a id="location-5c63de"></a>• [`location`](#location-5c63de) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
510
510
|
|
|
511
|
-
<a id="
|
|
511
|
+
<a id="provider-0b58dd"></a>• [`store_provider`](#provider-0b58dd) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
512
512
|
|
|
513
513
|
#### Request Headers To Add Secret Value Clear Secret Info
|
|
514
514
|
|
|
515
|
-
A [`clear_secret_info`](#
|
|
515
|
+
A [`clear_secret_info`](#info-d2833c) block (within [`request_headers_to_add.secret_value`](#request-headers-to-add-secret-value)) supports the following:
|
|
516
516
|
|
|
517
|
-
<a id="
|
|
517
|
+
<a id="ref-8cc2a7"></a>• [`provider_ref`](#ref-8cc2a7) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
518
518
|
|
|
519
|
-
<a id="
|
|
519
|
+
<a id="url-177876"></a>• [`url`](#url-177876) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
520
520
|
|
|
521
521
|
#### Response Cookies To Add
|
|
522
522
|
|
|
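Review bot: The `url` description under `clear_secret_info` says the secret "needs to be encoded Base64 format" but never says that Base64 is only an encoding, so a reader can take a `string:///` value for something protected. Suggest rewording to "The only supported URL scheme is string:///; the value is the Base64-encoded secret and is not encrypted", which also fixes "schemes is", and pointing readers to `blindfold_secret_info` for values that must stay encrypted.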
@@ -542,7 +542,7 @@ A [`response_cookies_to_add`](#response-cookies-to-add) block supports the follo
|
|
|
542
542
|
|
|
543
543
|
<a id="response-cookies-to-add-ignore-max-age"></a>• [`ignore_max_age`](#response-cookies-to-add-ignore-max-age) - Optional Block<br>Enable this option
|
|
544
544
|
|
|
545
|
-
<a id="
|
|
545
|
+
<a id="partitioned-36b0ea"></a>• [`ignore_partitioned`](#partitioned-36b0ea) - Optional Block<br>Enable this option
|
|
546
546
|
|
|
547
547
|
<a id="response-cookies-to-add-ignore-path"></a>• [`ignore_path`](#response-cookies-to-add-ignore-path) - Optional Block<br>Enable this option
|
|
548
548
|
|
|
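Review bot: The added `ignore_partitioned` entry is documented only as "Enable this option", which does not tell the reader what is ignored or what the cookie looks like when the block is set. Suggest a one-line description naming the cookie attribute this block controls and the behaviour when it is omitted; the same applies to the neighbouring `ignore_max_age` and `ignore_path` entries if they are regenerated from the same template.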
@@ -572,27 +572,27 @@ A [`response_cookies_to_add`](#response-cookies-to-add) block supports the follo
|
|
|
572
572
|
|
|
573
573
|
A [`secret_value`](#response-cookies-to-add-secret-value) block (within [`response_cookies_to_add`](#response-cookies-to-add)) supports the following:
|
|
574
574
|
|
|
575
|
-
<a id="
|
|
575
|
+
<a id="info-85cc48"></a>• [`blindfold_secret_info`](#info-85cc48) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-85cc48) below.
|
|
576
576
|
|
|
577
|
-
<a id="
|
|
577
|
+
<a id="info-3654fd"></a>• [`clear_secret_info`](#info-3654fd) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-3654fd) below.
|
|
578
578
|
|
|
579
579
|
#### Response Cookies To Add Secret Value Blindfold Secret Info
|
|
580
580
|
|
|
581
|
-
A [`blindfold_secret_info`](#
|
|
581
|
+
A [`blindfold_secret_info`](#info-85cc48) block (within [`response_cookies_to_add.secret_value`](#response-cookies-to-add-secret-value)) supports the following:
|
|
582
582
|
|
|
583
|
-
<a id="
|
|
583
|
+
<a id="provider-079749"></a>• [`decryption_provider`](#provider-079749) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
584
584
|
|
|
585
|
-
<a id="
|
|
585
|
+
<a id="location-51bd00"></a>• [`location`](#location-51bd00) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
586
586
|
|
|
587
|
-
<a id="
|
|
587
|
+
<a id="provider-216308"></a>• [`store_provider`](#provider-216308) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
588
588
|
|
|
589
589
|
#### Response Cookies To Add Secret Value Clear Secret Info
|
|
590
590
|
|
|
591
|
-
A [`clear_secret_info`](#
|
|
591
|
+
A [`clear_secret_info`](#info-3654fd) block (within [`response_cookies_to_add.secret_value`](#response-cookies-to-add-secret-value)) supports the following:
|
|
592
592
|
|
|
593
|
-
<a id="
|
|
593
|
+
<a id="ref-324f7c"></a>• [`provider_ref`](#ref-324f7c) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
594
594
|
|
|
595
|
-
<a id="
|
|
595
|
+
<a id="url-edd55e"></a>• [`url`](#url-edd55e) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
596
596
|
|
|
597
597
|
#### Response Headers To Add
|
|
598
598
|
|
|
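Review bot: The `provider_ref` text under `clear_secret_info` says the provider is "the store to get encrypted bytes", while the parent entry in this same hunk describes `clear_secret_info` as "the Secret that is not encrypted". The sentence reads as copied from `store_provider` in the blindfold block. Suggest describing what `provider_ref` resolves for a clear secret, and adding the missing full stop before "This field needs to be provided".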
@@ -610,27 +610,27 @@ A [`response_headers_to_add`](#response-headers-to-add) block supports the follo
|
|
|
610
610
|
|
|
611
611
|
A [`secret_value`](#response-headers-to-add-secret-value) block (within [`response_headers_to_add`](#response-headers-to-add)) supports the following:
|
|
612
612
|
|
|
613
|
-
<a id="
|
|
613
|
+
<a id="info-92dea8"></a>• [`blindfold_secret_info`](#info-92dea8) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-92dea8) below.
|
|
614
614
|
|
|
615
|
-
<a id="
|
|
615
|
+
<a id="info-52d56a"></a>• [`clear_secret_info`](#info-52d56a) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-52d56a) below.
|
|
616
616
|
|
|
617
617
|
#### Response Headers To Add Secret Value Blindfold Secret Info
|
|
618
618
|
|
|
619
|
-
A [`blindfold_secret_info`](#
|
|
619
|
+
A [`blindfold_secret_info`](#info-92dea8) block (within [`response_headers_to_add.secret_value`](#response-headers-to-add-secret-value)) supports the following:
|
|
620
620
|
|
|
621
|
-
<a id="
|
|
621
|
+
<a id="provider-7abeeb"></a>• [`decryption_provider`](#provider-7abeeb) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
622
622
|
|
|
623
|
-
<a id="
|
|
623
|
+
<a id="location-ee9a34"></a>• [`location`](#location-ee9a34) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
624
624
|
|
|
625
|
-
<a id="
|
|
625
|
+
<a id="provider-010616"></a>• [`store_provider`](#provider-010616) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
626
626
|
|
|
627
627
|
#### Response Headers To Add Secret Value Clear Secret Info
|
|
628
628
|
|
|
629
|
-
A [`clear_secret_info`](#
|
|
629
|
+
A [`clear_secret_info`](#info-52d56a) block (within [`response_headers_to_add.secret_value`](#response-headers-to-add-secret-value)) supports the following:
|
|
630
630
|
|
|
631
|
-
<a id="
|
|
631
|
+
<a id="ref-478df0"></a>• [`provider_ref`](#ref-478df0) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
632
632
|
|
|
633
|
-
<a id="
|
|
633
|
+
<a id="url-d6f859"></a>• [`url`](#url-d6f859) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
634
634
|
|
|
635
635
|
#### Retry Policy
|
|
636
636
|
|
|
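Review bot: The `location` description runs two sentences together ("for string:/// Or it could be a path") and `store_provider` then refers to "the URL scheme" although the field that carries the scheme is named `location`. Suggest splitting the sentence and writing "only if the `location` scheme is not string:///" so the two fields can be read together without guessing which value is meant.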
@@ -686,9 +686,9 @@ A [`sensitive_data_policy`](#sensitive-data-policy) block supports the following
|
|
|
686
686
|
|
|
687
687
|
A [`slow_ddos_mitigation`](#slow-ddos-mitigation) block supports the following:
|
|
688
688
|
|
|
689
|
-
<a id="
|
|
689
|
+
<a id="timeout-81071e"></a>• [`disable_request_timeout`](#timeout-81071e) - Optional Block<br>Enable this option
|
|
690
690
|
|
|
691
|
-
<a id="
|
|
691
|
+
<a id="timeout-da89d3"></a>• [`request_headers_timeout`](#timeout-da89d3) - Optional Number Defaults to `10000`<br>Request Headers Timeout. The amount of time the client has to send only the headers on the request stream before the stream is cancelled. The milliseconds. This setting provides protection against Slowloris attacks
|
|
692
692
|
|
|
693
693
|
<a id="slow-ddos-mitigation-request-timeout"></a>• [`request_timeout`](#slow-ddos-mitigation-request-timeout) - Optional Number<br>Custom Timeout
|
|
694
694
|
|
|
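Review bot: In the `slow_ddos_mitigation` entries, `disable_request_timeout` is described as "Enable this option", which reads as the opposite of what the name implies, and `request_headers_timeout` contains the fragment "The milliseconds." Suggest stating that setting `disable_request_timeout` turns the request timeout off, how it relates to `request_timeout`, and rewording the unit as "Value is in milliseconds", since the text presents this block as the Slowloris protection.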
@@ -712,13 +712,13 @@ A [`tls_cert_params`](#tls-cert-params) block supports the following:
|
|
|
712
712
|
|
|
713
713
|
<a id="tls-cert-params-cipher-suites"></a>• [`cipher_suites`](#tls-cert-params-cipher-suites) - Optional List<br>Cipher Suites. The following list specifies the supported cipher suite TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 If not specified, the default list: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 will be used
|
|
714
714
|
|
|
715
|
-
<a id="
|
|
715
|
+
<a id="optional-41418d"></a>• [`client_certificate_optional`](#optional-41418d) - Optional Block<br>Enable this option
|
|
716
716
|
|
|
717
|
-
<a id="
|
|
717
|
+
<a id="required-58689a"></a>• [`client_certificate_required`](#required-58689a) - Optional Block<br>Enable this option
|
|
718
718
|
|
|
719
|
-
<a id="
|
|
719
|
+
<a id="version-93b9ed"></a>• [`maximum_protocol_version`](#version-93b9ed) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
720
720
|
|
|
721
|
-
<a id="
|
|
721
|
+
<a id="version-77eedf"></a>• [`minimum_protocol_version`](#version-77eedf) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
722
722
|
|
|
723
723
|
<a id="tls-cert-params-no-client-certificate"></a>• [`no_client_certificate`](#tls-cert-params-no-client-certificate) - Optional Block<br>Enable this option
|
|
724
724
|
|
|
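Review bot: `minimum_protocol_version` and `maximum_protocol_version` both default to `TLS_AUTO` and list `TLSv1_0` and `TLSv1_1` as possible values, but the description only says F5 Distributed Cloud "will choose the optimal TLS version" and the sentence is fused to the previous one. Suggest documenting which versions `TLS_AUTO` permits and noting that `TLSv1_0` and `TLSv1_1` are deprecated protocol versions (RFC 8996), so a reader setting a minimum knows what the default floor is.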
@@ -744,41 +744,41 @@ A [`certificates`](#tls-cert-params-certificates) block (within [`tls_cert_param
|
|
|
744
744
|
|
|
745
745
|
A [`validation_params`](#tls-cert-params-validation-params) block (within [`tls_cert_params`](#tls-cert-params)) supports the following:
|
|
746
746
|
|
|
747
|
-
<a id="
|
|
747
|
+
<a id="verification-c74b3f"></a>• [`skip_hostname_verification`](#verification-c74b3f) - Optional Bool<br>Skip verification of hostname. When True, skip verification of hostname i.e. CN/Subject Alt Name of certificate is not matched to the connecting hostname
|
|
748
748
|
|
|
749
|
-
<a id="
|
|
749
|
+
<a id="trusted-ca-f27956"></a>• [`trusted_ca`](#trusted-ca-f27956) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA](#trusted-ca-f27956) below.
|
|
750
750
|
|
|
751
|
-
<a id="
|
|
751
|
+
<a id="url-948cfa"></a>• [`trusted_ca_url`](#url-948cfa) - Optional String<br>Inline Root CA Certificate (legacy). Inline Root CA Certificate
|
|
752
752
|
|
|
753
|
-
<a id="
|
|
753
|
+
<a id="names-e2ed6b"></a>• [`verify_subject_alt_names`](#names-e2ed6b) - Optional List<br>List of SANs for matching. List of acceptable Subject Alt Names/CN in the peer's certificate. When skip_hostname_verification is false and verify_subject_alt_names is empty, the hostname of the peer will be used for matching against SAN/CN of peer's certificate
|
|
754
754
|
|
|
755
755
|
#### TLS Cert Params Validation Params Trusted CA
|
|
756
756
|
|
|
757
|
-
A [`trusted_ca`](#
|
|
757
|
+
A [`trusted_ca`](#trusted-ca-f27956) block (within [`tls_cert_params.validation_params`](#tls-cert-params-validation-params)) supports the following:
|
|
758
758
|
|
|
759
|
-
<a id="
|
|
759
|
+
<a id="list-4160d3"></a>• [`trusted_ca_list`](#list-4160d3) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA List](#list-4160d3) below.
|
|
760
760
|
|
|
761
761
|
#### TLS Cert Params Validation Params Trusted CA Trusted CA List
|
|
762
762
|
|
|
763
|
-
A [`trusted_ca_list`](#
|
|
763
|
+
A [`trusted_ca_list`](#list-4160d3) block (within [`tls_cert_params.validation_params.trusted_ca`](#trusted-ca-f27956)) supports the following:
|
|
764
764
|
|
|
765
|
-
<a id="
|
|
765
|
+
<a id="kind-15adf6"></a>• [`kind`](#kind-15adf6) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
766
766
|
|
|
767
|
-
<a id="
|
|
767
|
+
<a id="name-35457f"></a>• [`name`](#name-35457f) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
768
768
|
|
|
769
|
-
<a id="
|
|
769
|
+
<a id="namespace-56542c"></a>• [`namespace`](#namespace-56542c) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
770
770
|
|
|
771
|
-
<a id="
|
|
771
|
+
<a id="tenant-449098"></a>• [`tenant`](#tenant-449098) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
772
772
|
|
|
773
|
-
<a id="
|
|
773
|
+
<a id="uid-ceb5df"></a>• [`uid`](#uid-ceb5df) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
774
774
|
|
|
775
775
|
#### TLS Parameters
|
|
776
776
|
|
|
777
777
|
A [`tls_parameters`](#tls-parameters) block supports the following:
|
|
778
778
|
|
|
779
|
-
<a id="
|
|
779
|
+
<a id="optional-56d793"></a>• [`client_certificate_optional`](#optional-56d793) - Optional Block<br>Enable this option
|
|
780
780
|
|
|
781
|
-
<a id="
|
|
781
|
+
<a id="required-544cf5"></a>• [`client_certificate_required`](#required-544cf5) - Optional Block<br>Enable this option
|
|
782
782
|
|
|
783
783
|
<a id="tls-parameters-common-params"></a>• [`common_params`](#tls-parameters-common-params) - Optional Block<br>TLS Parameters. Information of different aspects for TLS authentication related to ciphers, certificates and trust store<br>See [Common Params](#tls-parameters-common-params) below.
|
|
784
784
|
|
|
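Review bot: `skip_hostname_verification` is listed as "Optional Bool" with no default, yet the `verify_subject_alt_names` text depends on it being false. Suggest adding the default value and saying plainly that `true` means the peer certificate's SAN/CN is not matched against the connecting hostname. The `trusted_ca_url` description also repeats "Inline Root CA Certificate" twice without saying what format is expected or that `trusted_ca` is the non-legacy alternative.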
@@ -790,95 +790,95 @@ A [`tls_parameters`](#tls-parameters) block supports the following:
|
|
|
790
790
|
|
|
791
791
|
A [`common_params`](#tls-parameters-common-params) block (within [`tls_parameters`](#tls-parameters)) supports the following:
|
|
792
792
|
|
|
793
|
-
<a id="
|
|
793
|
+
<a id="suites-f69d86"></a>• [`cipher_suites`](#suites-f69d86) - Optional List<br>Cipher Suites. The following list specifies the supported cipher suite TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 If not specified, the default list: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 will be used
|
|
794
794
|
|
|
795
|
-
<a id="
|
|
795
|
+
<a id="version-e7c6f2"></a>• [`maximum_protocol_version`](#version-e7c6f2) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
796
796
|
|
|
797
|
-
<a id="
|
|
797
|
+
<a id="version-7d1460"></a>• [`minimum_protocol_version`](#version-7d1460) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
798
798
|
|
|
799
|
-
<a id="
|
|
799
|
+
<a id="certificates-c9caff"></a>• [`tls_certificates`](#certificates-c9caff) - Optional Block<br>TLS Certificates. Set of TLS certificates<br>See [TLS Certificates](#certificates-c9caff) below.
|
|
800
800
|
|
|
801
|
-
<a id="
|
|
801
|
+
<a id="params-6e95a6"></a>• [`validation_params`](#params-6e95a6) - Optional Block<br>TLS Certificate Validation Parameters. This includes URL for a trust store, whether SAN verification is required and list of Subject Alt Names for verification<br>See [Validation Params](#params-6e95a6) below.
|
|
802
802
|
|
|
803
803
|
#### TLS Parameters Common Params TLS Certificates
|
|
804
804
|
|
|
805
|
-
A [`tls_certificates`](#
|
|
805
|
+
A [`tls_certificates`](#certificates-c9caff) block (within [`tls_parameters.common_params`](#tls-parameters-common-params)) supports the following:
|
|
806
806
|
|
|
807
|
-
<a id="
|
|
807
|
+
<a id="url-323181"></a>• [`certificate_url`](#url-323181) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
808
808
|
|
|
809
|
-
<a id="
|
|
809
|
+
<a id="algorithms-eb62be"></a>• [`custom_hash_algorithms`](#algorithms-eb62be) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-eb62be) below.
|
|
810
810
|
|
|
811
|
-
<a id="
|
|
811
|
+
<a id="spec-5af02c"></a>• [`description_spec`](#spec-5af02c) - Optional String<br>Description. Description for the certificate
|
|
812
812
|
|
|
813
|
-
<a id="
|
|
813
|
+
<a id="stapling-c091fa"></a>• [`disable_ocsp_stapling`](#stapling-c091fa) - Optional Block<br>Enable this option
|
|
814
814
|
|
|
815
|
-
<a id="
|
|
815
|
+
<a id="key-da7979"></a>• [`private_key`](#key-da7979) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-da7979) below.
|
|
816
816
|
|
|
817
|
-
<a id="
|
|
817
|
+
<a id="defaults-f58bc7"></a>• [`use_system_defaults`](#defaults-f58bc7) - Optional Block<br>Enable this option
|
|
818
818
|
|
|
819
819
|
#### TLS Parameters Common Params TLS Certificates Custom Hash Algorithms
|
|
820
820
|
|
|
821
|
-
A [`custom_hash_algorithms`](#
|
|
821
|
+
A [`custom_hash_algorithms`](#algorithms-eb62be) block (within [`tls_parameters.common_params.tls_certificates`](#certificates-c9caff)) supports the following:
|
|
822
822
|
|
|
823
|
-
<a id="
|
|
823
|
+
<a id="algorithms-707f27"></a>• [`hash_algorithms`](#algorithms-707f27) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
824
824
|
|
|
825
825
|
#### TLS Parameters Common Params TLS Certificates Private Key
|
|
826
826
|
|
|
827
|
-
A [`private_key`](#
|
|
827
|
+
A [`private_key`](#key-da7979) block (within [`tls_parameters.common_params.tls_certificates`](#certificates-c9caff)) supports the following:
|
|
828
828
|
|
|
829
|
-
<a id="
|
|
829
|
+
<a id="info-eaa266"></a>• [`blindfold_secret_info`](#info-eaa266) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-eaa266) below.
|
|
830
830
|
|
|
831
|
-
<a id="
|
|
831
|
+
<a id="info-b039d1"></a>• [`clear_secret_info`](#info-b039d1) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-b039d1) below.
|
|
832
832
|
|
|
833
833
|
#### TLS Parameters Common Params TLS Certificates Private Key Blindfold Secret Info
|
|
834
834
|
|
|
835
|
-
A [`blindfold_secret_info`](#
|
|
835
|
+
A [`blindfold_secret_info`](#info-eaa266) block (within [`tls_parameters.common_params.tls_certificates.private_key`](#key-da7979)) supports the following:
|
|
836
836
|
|
|
837
|
-
<a id="
|
|
837
|
+
<a id="provider-fc3d7d"></a>• [`decryption_provider`](#provider-fc3d7d) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
838
838
|
|
|
839
|
-
<a id="
|
|
839
|
+
<a id="location-373b8d"></a>• [`location`](#location-373b8d) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
840
840
|
|
|
841
|
-
<a id="
|
|
841
|
+
<a id="provider-68c63b"></a>• [`store_provider`](#provider-68c63b) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
842
842
|
|
|
843
843
|
#### TLS Parameters Common Params TLS Certificates Private Key Clear Secret Info
|
|
844
844
|
|
|
845
|
-
A [`clear_secret_info`](#
|
|
845
|
+
A [`clear_secret_info`](#info-b039d1) block (within [`tls_parameters.common_params.tls_certificates.private_key`](#key-da7979)) supports the following:
|
|
846
846
|
|
|
847
|
-
<a id="
|
|
847
|
+
<a id="ref-571118"></a>• [`provider_ref`](#ref-571118) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
848
848
|
|
|
849
|
-
<a id="
|
|
849
|
+
<a id="url-65b084"></a>• [`url`](#url-65b084) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
850
850
|
|
|
851
851
|
#### TLS Parameters Common Params Validation Params
|
|
852
852
|
|
|
853
|
-
A [`validation_params`](#
|
|
853
|
+
A [`validation_params`](#params-6e95a6) block (within [`tls_parameters.common_params`](#tls-parameters-common-params)) supports the following:
|
|
854
854
|
|
|
855
|
-
<a id="
|
|
855
|
+
<a id="verification-30d13d"></a>• [`skip_hostname_verification`](#verification-30d13d) - Optional Bool<br>Skip verification of hostname. When True, skip verification of hostname i.e. CN/Subject Alt Name of certificate is not matched to the connecting hostname
|
|
856
856
|
|
|
857
|
-
<a id="
|
|
857
|
+
<a id="trusted-ca-39c22f"></a>• [`trusted_ca`](#trusted-ca-39c22f) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA](#trusted-ca-39c22f) below.
|
|
858
858
|
|
|
859
|
-
<a id="
|
|
859
|
+
<a id="url-910417"></a>• [`trusted_ca_url`](#url-910417) - Optional String<br>Inline Root CA Certificate (legacy). Inline Root CA Certificate
|
|
860
860
|
|
|
861
|
-
<a id="
|
|
861
|
+
<a id="names-1c97ed"></a>• [`verify_subject_alt_names`](#names-1c97ed) - Optional List<br>List of SANs for matching. List of acceptable Subject Alt Names/CN in the peer's certificate. When skip_hostname_verification is false and verify_subject_alt_names is empty, the hostname of the peer will be used for matching against SAN/CN of peer's certificate
|
|
862
862
|
|
|
863
863
|
#### TLS Parameters Common Params Validation Params Trusted CA
|
|
864
864
|
|
|
865
|
-
A [`trusted_ca`](#
|
|
865
|
+
A [`trusted_ca`](#trusted-ca-39c22f) block (within [`tls_parameters.common_params.validation_params`](#params-6e95a6)) supports the following:
|
|
866
866
|
|
|
867
|
-
<a id="
|
|
867
|
+
<a id="list-01ba8e"></a>• [`trusted_ca_list`](#list-01ba8e) - Optional Block<br>Root CA Certificate Reference. Reference to Root CA Certificate<br>See [Trusted CA List](#list-01ba8e) below.
|
|
868
868
|
|
|
869
869
|
#### TLS Parameters Common Params Validation Params Trusted CA Trusted CA List
|
|
870
870
|
|
|
871
|
-
A [`trusted_ca_list`](#
|
|
871
|
+
A [`trusted_ca_list`](#list-01ba8e) block (within [`tls_parameters.common_params.validation_params.trusted_ca`](#trusted-ca-39c22f)) supports the following:
|
|
872
872
|
|
|
873
|
-
<a id="
|
|
873
|
+
<a id="kind-c488bc"></a>• [`kind`](#kind-c488bc) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
874
874
|
|
|
875
|
-
<a id="
|
|
875
|
+
<a id="name-dedff6"></a>• [`name`](#name-dedff6) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
876
876
|
|
|
877
|
-
<a id="
|
|
877
|
+
<a id="namespace-1917fa"></a>• [`namespace`](#namespace-1917fa) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
878
878
|
|
|
879
|
-
<a id="
|
|
879
|
+
<a id="tenant-eb6cbc"></a>• [`tenant`](#tenant-eb6cbc) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
880
880
|
|
|
881
|
-
<a id="
|
|
881
|
+
<a id="uid-a48fb2"></a>• [`uid`](#uid-a48fb2) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
882
882
|
|
|
883
883
|
#### User Identification
|
|
884
884
|
|
|
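Review bot: `hash_algorithms` is documented as "Defaults to `INVALID_HASH_ALGORITHM`", which gives no indication of what is actually used when the list is left empty, and `SHA1` is listed with no comment next to `SHA256`. Suggest explaining the effective behaviour of the default, presumably tied to `use_system_defaults`, and noting the order of preference. In the same hunk the `cipher_suites` description flattens the supported list and the default list into one line; a bulleted list for each would make the CBC and static RSA entries easy to spot.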
@@ -918,9 +918,9 @@ An [`app_firewall`](#waf-type-app-firewall-app-firewall) block (within [`waf_typ
|
|
|
918
918
|
|
|
919
919
|
<a id="waf-type-app-firewall-app-firewall-name"></a>• [`name`](#waf-type-app-firewall-app-firewall-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
920
920
|
|
|
921
|
-
<a id="
|
|
921
|
+
<a id="namespace-e90470"></a>• [`namespace`](#namespace-e90470) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
922
922
|
|
|
923
|
-
<a id="
|
|
923
|
+
<a id="tenant-441c06"></a>• [`tenant`](#tenant-441c06) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
924
924
|
|
|
925
925
|
<a id="waf-type-app-firewall-app-firewall-uid"></a>• [`uid`](#waf-type-app-firewall-app-firewall-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
926
926
|
|
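Review bot: The anchors in this block are now inconsistent: `name` and `uid` keep the path-style ids `waf-type-app-firewall-app-firewall-name` and `waf-type-app-firewall-app-firewall-uid`, while `namespace` and `tenant` become `namespace-e90470` and `tenant-441c06`. The hashed ids are not readable and existing deep links to the old anchors will stop resolving. Suggest either keeping the full path-style id for every field or applying the shortened scheme uniformly and documenting how the suffix is derived.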