@robinmordasiewicz/f5xc-terraform-mcp 3.0.0 → 3.0.2

package/dist/docs/resources/namespace.md

@@ -0,0 +1,170 @@
+---
+page_title: "f5xc_namespace Resource - terraform-provider-f5xc"
+subcategory: "Organization"
+description: |-
+  Manages new namespace. Name of the object is name of the name space. in F5 Distributed Cloud.
+---
+
+# f5xc_namespace (Resource)
+
+Manages new namespace. Name of the object is name of the name space. in F5 Distributed Cloud.
+
+~> **Note** For more information about this resource, please refer to the [F5 XC API Documentation](https://docs.cloud.f5.com/docs/api/).
+
+## Example Usage
+
+```terraform
+# Namespace Resource Example
+# Manages new namespace. Name of the object is name of the name space. in F5 Distributed Cloud.
+
+# Basic Namespace configuration
+resource "f5xc_namespace" "example" {
+  name      = "example-namespace"
+  namespace = "system"
+
+  labels = {
+    environment = "production"
+    managed_by  = "terraform"
+  }
+
+  annotations = {
+    "owner" = "platform-team"
+  }
+
+  # Namespace configuration
+  description = "Example namespace for application workloads"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Argument Reference
+
+### Metadata Argument Reference
+
+<a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the Namespace. Must be unique within the namespace
+
+<a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
+
+<a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
+
+<a id="disable"></a>&#x2022; [`disable`](#disable) - Optional Bool<br>A value of true will administratively disable the object
+
+<a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
+
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Optional String<br>Namespace for the Namespace. For this resource type, namespace should be empty or omitted
+
+### Spec Argument Reference
+
+<a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block<br>See [Timeouts](#timeouts) below for details.
+
+### Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+<a id="id"></a>&#x2022; [`id`](#id) - Optional String<br>Unique identifier for the resource
+
+---
+
+#### Timeouts
+
+A [`timeouts`](#timeouts) block supports the following:
+
+<a id="timeouts-create"></a>&#x2022; [`create`](#timeouts-create) - Optional String (Defaults to `10 minutes`)<br>Used when creating the resource
+
+<a id="timeouts-delete"></a>&#x2022; [`delete`](#timeouts-delete) - Optional String (Defaults to `10 minutes`)<br>Used when deleting the resource
+
+<a id="timeouts-read"></a>&#x2022; [`read`](#timeouts-read) - Optional String (Defaults to `5 minutes`)<br>Used when retrieving the resource
+
+<a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+
+---
+
+## Common Types
+
+The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
+
+### Object Reference {#common-object-reference}
+
+Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format `tenant/namespace/name`.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `name` | String | Name of the referenced object |
+| `namespace` | String | Namespace containing the referenced object |
+| `tenant` | String | Tenant of the referenced object (system-managed) |
+
+### Transformers {#common-transformers}
+
+Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
+
+| Value | Description |
+| ----- | ----------- |
+| `LOWER_CASE` | Convert to lowercase |
+| `UPPER_CASE` | Convert to uppercase |
+| `BASE64_DECODE` | Decode base64 content |
+| `NORMALIZE_PATH` | Normalize URL path |
+| `REMOVE_WHITESPACE` | Remove whitespace characters |
+| `URL_DECODE` | Decode URL-encoded characters |
+| `TRIM_LEFT` | Trim leading whitespace |
+| `TRIM_RIGHT` | Trim trailing whitespace |
+| `TRIM` | Trim both leading and trailing whitespace |
+
+### HTTP Methods {#common-http-methods}
+
+HTTP methods used for request matching.
+
+| Value | Description |
+| ----- | ----------- |
+| `ANY` | Match any HTTP method |
+| `GET` | HTTP GET request |
+| `HEAD` | HTTP HEAD request |
+| `POST` | HTTP POST request |
+| `PUT` | HTTP PUT request |
+| `DELETE` | HTTP DELETE request |
+| `CONNECT` | HTTP CONNECT request |
+| `OPTIONS` | HTTP OPTIONS request |
+| `TRACE` | HTTP TRACE request |
+| `PATCH` | HTTP PATCH request |
+| `COPY` | HTTP COPY request (WebDAV) |
+
+### TLS Fingerprints {#common-tls-fingerprints}
+
+TLS fingerprint categories for malicious client detection.
+
+| Value | Description |
+| ----- | ----------- |
+| `TLS_FINGERPRINT_NONE` | No fingerprint matching |
+| `ANY_MALICIOUS_FINGERPRINT` | Match any known malicious fingerprint |
+| `ADWARE` | Adware-associated fingerprints |
+| `DRIDEX` | Dridex malware fingerprints |
+| `GOOTKIT` | Gootkit malware fingerprints |
+| `RANSOMWARE` | Ransomware-associated fingerprints |
+| `TRICKBOT` | Trickbot malware fingerprints |
+
+### IP Threat Categories {#common-ip-threat-categories}
+
+IP address threat categories for security filtering.
+
+| Value | Description |
+| ----- | ----------- |
+| `SPAM_SOURCES` | Known spam sources |
+| `WINDOWS_EXPLOITS` | Windows exploit sources |
+| `WEB_ATTACKS` | Web attack sources |
+| `BOTNETS` | Known botnet IPs |
+| `SCANNERS` | Network scanner IPs |
+| `REPUTATION` | Poor reputation IPs |
+| `PHISHING` | Phishing-related IPs |
+| `PROXY` | Anonymous proxy IPs |
+| `MOBILE_THREATS` | Mobile threat sources |
+| `TOR_PROXY` | Tor exit nodes |
+| `DENIAL_OF_SERVICE` | DoS attack sources |
+| `NETWORK` | Known bad network ranges |
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Import using namespace/name format
+terraform import f5xc_namespace.example system/example
+```

package/dist/docs/resources/oidc_provider.md

@@ -0,0 +1,291 @@
+---
+page_title: "f5xc_oidc_provider Resource - terraform-provider-f5xc"
+subcategory: "Authentication"
+description: |-
+  Manages a OIDC Provider resource in F5 Distributed Cloud for customcreatespectype is the spec to create oidc provider configuration.
+---
+
+# f5xc_oidc_provider (Resource)
+
+Manages a OIDC Provider resource in F5 Distributed Cloud for customcreatespectype is the spec to create oidc provider configuration.
+
+~> **Note** For more information about this resource, please refer to the [F5 XC API Documentation](https://docs.cloud.f5.com/docs/api/).
+
+## Example Usage
+
+```terraform
+# OIDC Provider Resource Example
+# Manages a OIDC Provider resource in F5 Distributed Cloud for customcreatespectype is the spec to create oidc provider configuration.
+
+# Basic OIDC Provider configuration
+resource "f5xc_oidc_provider" "example" {
+  name      = "example-oidc-provider"
+  namespace = "staging"
+
+  labels = {
+    environment = "production"
+    managed_by  = "terraform"
+  }
+
+  annotations = {
+    "owner" = "platform-team"
+  }
+
+  # Resource-specific configuration
+  # [OneOf: azure_oidc_spec_type, google_oidc_spec_type, oidc...
+  azure_oidc_spec_type {
+    # Configure azure_oidc_spec_type settings
+  }
+  # Google OIDC Spec Type. GoogleOIDCSpecType specifies the a...
+  google_oidc_spec_type {
+    # Configure google_oidc_spec_type settings
+  }
+  # OpenID Connect v1.0 Spec Type. OIDCV10SpecType specifies ...
+  oidc_v10_spec_type {
+    # Configure oidc_v10_spec_type settings
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Argument Reference
+
+### Metadata Argument Reference
+
+<a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the OIDC Provider. Must be unique within the namespace
+
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Required String<br>Namespace where the OIDC Provider will be created
+
+<a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
+
+<a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
+
+<a id="disable"></a>&#x2022; [`disable`](#disable) - Optional Bool<br>A value of true will administratively disable the object
+
+<a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
+
+### Spec Argument Reference
+
+-> **One of the following:**
+&#x2022; <a id="azure-oidc-spec-type"></a>[`azure_oidc_spec_type`](#azure-oidc-spec-type) - Optional Block<br>Azure OIDC Spec Type. AzureOIDCSpecType specifies the attributes required to configure Azure provider<br>See [Azure OIDC Spec Type](#azure-oidc-spec-type) below for details.
+<br><br>&#x2022; <a id="google-oidc-spec-type"></a>[`google_oidc_spec_type`](#google-oidc-spec-type) - Optional Block<br>Google OIDC Spec Type. GoogleOIDCSpecType specifies the attributes required to configure google provider<br>See [Google OIDC Spec Type](#google-oidc-spec-type) below for details.
+<br><br>&#x2022; <a id="oidc-v10-spec-type"></a>[`oidc_v10_spec_type`](#oidc-v10-spec-type) - Optional Block<br>OpenID Connect v1.0 Spec Type. OIDCV10SpecType specifies the attributes required to configure OIDC provider<br>See [OIDC V10 Spec Type](#oidc-v10-spec-type) below for details.
+<br><br>&#x2022; <a id="okta-oidc-spec-type"></a>[`okta_oidc_spec_type`](#okta-oidc-spec-type) - Optional Block<br>Okta OpenID Connect Spec Type. OKTAOIDCSpecType specifies the attributes required to configure okta OIDC provider<br>See [Okta OIDC Spec Type](#okta-oidc-spec-type) below for details.
+
+<a id="provider-type"></a>&#x2022; [`provider_type`](#provider-type) - Optional String  Defaults to `DEFAULT`<br>Possible values are `DEFAULT`, `GOOGLE`, `AZURE`, `OKTA`<br>[Enum: DEFAULT|GOOGLE|AZURE|OKTA] Provider Type. Types of OIDC providers Default provider. use this for standard OpenIDConnect v1.0 Authenticate with Google OIDC Authenticate with Azure OIDC Authenticate with Okta OIDC
+
+<a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block<br>See [Timeouts](#timeouts) below for details.
+
+### Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+<a id="id"></a>&#x2022; [`id`](#id) - Optional String<br>Unique identifier for the resource
+
+---
+
+#### Azure OIDC Spec Type
+
+An [`azure_oidc_spec_type`](#azure-oidc-spec-type) block supports the following:
+
+<a id="azure-oidc-spec-type-authorization-url"></a>&#x2022; [`authorization_url`](#azure-oidc-spec-type-authorization-url) - Optional String<br>Authorization URL. The authorization URL of your OIDC application
+
+<a id="azure-oidc-spec-type-backchannel-logout"></a>&#x2022; [`backchannel_logout`](#azure-oidc-spec-type-backchannel-logout) - Optional Bool<br>Backchannel Logout. Does the external IDP support backchannel logout?
+
+<a id="azure-oidc-spec-type-client-id"></a>&#x2022; [`client_id`](#azure-oidc-spec-type-client-id) - Optional String<br>Client ID. Client ID of the OIDC application registered with azure provider. REQUIRED field
+
+<a id="azure-oidc-spec-type-client-secret"></a>&#x2022; [`client_secret`](#azure-oidc-spec-type-client-secret) - Optional String<br>Client Secret. Secret of the OIDC application registered with azure provider
+
+<a id="azure-oidc-spec-type-default-scopes"></a>&#x2022; [`default_scopes`](#azure-oidc-spec-type-default-scopes) - Optional String<br>Default Scopes. The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. The recommendation is to set the default scopes as 'openid profile email' and is to add additional scopes if needed
+
+<a id="azure-oidc-spec-type-issuer"></a>&#x2022; [`issuer`](#azure-oidc-spec-type-issuer) - Optional String<br>Issuer. The issuer identifier for the issuer of the response. If not provided, no validation will be performed
+
+<a id="azure-oidc-spec-type-jwks-url"></a>&#x2022; [`jwks_url`](#azure-oidc-spec-type-jwks-url) - Optional String<br>JWKS URL. URL where identity provider keys in JWK format are stored
+
+<a id="azure-oidc-spec-type-logout-url"></a>&#x2022; [`logout_url`](#azure-oidc-spec-type-logout-url) - Optional String<br>Logout URL. Logout URL specified in your OIDC application
+
+<a id="azure-oidc-spec-type-prompt"></a>&#x2022; [`prompt`](#azure-oidc-spec-type-prompt) - Optional String<br>Possible values are `UNSPECIFIED`, `NONE`, `CONSENT`, `LOGIN`, `SELECT_ACCOUNT`<br>[Enum: UNSPECIFIED|NONE|CONSENT|LOGIN|SELECT_ACCOUNT] Prompt Type. Type of prompt authorization server for end-user reauthentication and consent default value for no prompt. when this is set, no prompt parameter will be set on authorization request. The Authorization Server will not display any authentication or consent user interface page. The Authorization Server prompts the End-User for consent before returning information to the Client The Authorization Server prompts the End-User for reauthentication. The Authorization Server prompts the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for
+
+<a id="azure-oidc-spec-type-token-url"></a>&#x2022; [`token_url`](#azure-oidc-spec-type-token-url) - Optional String<br>Token URL. The token URL of your OIDC application
+
+<a id="azure-oidc-spec-type-user-info-url"></a>&#x2022; [`user_info_url`](#azure-oidc-spec-type-user-info-url) - Optional String<br>User Info URL. The User Info URL specified in your OIDC application
+
+#### Google OIDC Spec Type
+
+A [`google_oidc_spec_type`](#google-oidc-spec-type) block supports the following:
+
+<a id="google-oidc-spec-type-client-id"></a>&#x2022; [`client_id`](#google-oidc-spec-type-client-id) - Optional String<br>Client ID. Client ID of the OIDC application registered with google provider. REQUIRED field
+
+<a id="google-oidc-spec-type-client-secret"></a>&#x2022; [`client_secret`](#google-oidc-spec-type-client-secret) - Optional String<br>Client Secret. Secret of the OIDC application registered with google provider
+
+<a id="google-oidc-spec-type-hosted-domain"></a>&#x2022; [`hosted_domain`](#google-oidc-spec-type-hosted-domain) - Optional String<br>Hosted Domain. set hosted domain to restrict user input on login form to use email address from this email domain. for example, setting value company.com will enforce user email input to have only `username@company.com` leave empty if no restriction is required for email address. ie for example allow `user@company1.com` and `user@company2.com`
+
+#### OIDC V10 Spec Type
+
+An [`oidc_v10_spec_type`](#oidc-v10-spec-type) block supports the following:
+
+<a id="oidc-v10-spec-type-allowed-clock-skew"></a>&#x2022; [`allowed_clock_skew`](#oidc-v10-spec-type-allowed-clock-skew) - Optional String  Defaults to `zero`<br>Allowed Clock Skew. Clock skew in seconds that is tolerated when validating identity provider tokens
+
+<a id="oidc-v10-spec-type-authorization-url"></a>&#x2022; [`authorization_url`](#oidc-v10-spec-type-authorization-url) - Optional String<br>Authorization URL. The authorization URL of your OIDC application
+
+<a id="oidc-v10-spec-type-backchannel-logout"></a>&#x2022; [`backchannel_logout`](#oidc-v10-spec-type-backchannel-logout) - Optional Bool<br>Backchannel Logout. Does the external IDP support backchannel logout?
+
+<a id="oidc-v10-spec-type-client-id"></a>&#x2022; [`client_id`](#oidc-v10-spec-type-client-id) - Optional String<br>Client ID. Client ID of the OIDC application registered with your identity/OIDC provider
+
+<a id="oidc-v10-spec-type-client-secret"></a>&#x2022; [`client_secret`](#oidc-v10-spec-type-client-secret) - Optional String<br>Client Secret. Secret of the OIDC application registered with your identity/OIDC provider
+
+<a id="oidc-v10-spec-type-default-scopes"></a>&#x2022; [`default_scopes`](#oidc-v10-spec-type-default-scopes) - Optional String<br>Default Scopes. The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. The recommendation is to set the default scopes as 'openid profile email' and is to add additional scopes if needed
+
+<a id="oidc-v10-spec-type-disable-user-info"></a>&#x2022; [`disable_user_info`](#oidc-v10-spec-type-disable-user-info) - Optional Bool<br>Disable User Info. Disable fetching of user info information
+
+<a id="oidc-v10-spec-type-display-name"></a>&#x2022; [`display_name`](#oidc-v10-spec-type-display-name) - Optional String<br>Display Name. Friendly name for identity provider
+
+<a id="parameters-902350"></a>&#x2022; [`forwarded_query_parameters`](#parameters-902350) - Optional String<br>Forwarded Query Parameters. Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,)
+
+<a id="oidc-v10-spec-type-issuer"></a>&#x2022; [`issuer`](#oidc-v10-spec-type-issuer) - Optional String<br>Issuer. The issuer identifier for the issuer of the response. If not provided, no validation will be performed
+
+<a id="oidc-v10-spec-type-jwks-url"></a>&#x2022; [`jwks_url`](#oidc-v10-spec-type-jwks-url) - Optional String<br>JWKS URL. URL where identity provider keys in JWK format are stored
+
+<a id="oidc-v10-spec-type-logout-url"></a>&#x2022; [`logout_url`](#oidc-v10-spec-type-logout-url) - Optional String<br>Logout URL. Logout URL specified in your OIDC application
+
+<a id="oidc-v10-spec-type-pass-current-locale"></a>&#x2022; [`pass_current_locale`](#oidc-v10-spec-type-pass-current-locale) - Optional Bool<br>Pass Current Locale. Pass the current locale to the identity provider
+
+<a id="oidc-v10-spec-type-pass-login-hint"></a>&#x2022; [`pass_login_hint`](#oidc-v10-spec-type-pass-login-hint) - Optional Bool<br>Pass Login Hint. Pass login_hint to identity provider
+
+<a id="oidc-v10-spec-type-prompt"></a>&#x2022; [`prompt`](#oidc-v10-spec-type-prompt) - Optional String<br>Possible values are `UNSPECIFIED`, `NONE`, `CONSENT`, `LOGIN`, `SELECT_ACCOUNT`<br>[Enum: UNSPECIFIED|NONE|CONSENT|LOGIN|SELECT_ACCOUNT] Prompt Type. Type of prompt authorization server for end-user reauthentication and consent default value for no prompt. when this is set, no prompt parameter will be set on authorization request. The Authorization Server will not display any authentication or consent user interface page. The Authorization Server prompts the End-User for consent before returning information to the Client The Authorization Server prompts the End-User for reauthentication. The Authorization Server prompts the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for
+
+<a id="oidc-v10-spec-type-token-url"></a>&#x2022; [`token_url`](#oidc-v10-spec-type-token-url) - Optional String<br>Token URL. The token URL of your OIDC application
+
+<a id="oidc-v10-spec-type-user-info-url"></a>&#x2022; [`user_info_url`](#oidc-v10-spec-type-user-info-url) - Optional String<br>User Info URL. The User Info URL specified in your OIDC application
+
+<a id="oidc-v10-spec-type-validate-signatures"></a>&#x2022; [`validate_signatures`](#oidc-v10-spec-type-validate-signatures) - Optional Bool<br>Validate Signatures. Enable/disable signature validation of external IDP signatures
+
+#### Okta OIDC Spec Type
+
+An [`okta_oidc_spec_type`](#okta-oidc-spec-type) block supports the following:
+
+<a id="okta-oidc-spec-type-authorization-url"></a>&#x2022; [`authorization_url`](#okta-oidc-spec-type-authorization-url) - Optional String<br>Authorization URL. The authorization URL of your OIDC application
+
+<a id="okta-oidc-spec-type-backchannel-logout"></a>&#x2022; [`backchannel_logout`](#okta-oidc-spec-type-backchannel-logout) - Optional Bool<br>Backchannel Logout. Does the external IDP support backchannel logout?
+
+<a id="okta-oidc-spec-type-client-id"></a>&#x2022; [`client_id`](#okta-oidc-spec-type-client-id) - Optional String<br>Client ID. Client ID of the OIDC application registered with azure provider
+
+<a id="okta-oidc-spec-type-client-secret"></a>&#x2022; [`client_secret`](#okta-oidc-spec-type-client-secret) - Optional String<br>Client Secret. Secret of the OIDC application registered with azure provider
+
+<a id="okta-oidc-spec-type-default-scopes"></a>&#x2022; [`default_scopes`](#okta-oidc-spec-type-default-scopes) - Optional String<br>Default Scopes. The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. The recommendation is to set the default scopes as 'openid profile email' and is to add additional scopes if needed
+
+<a id="okta-oidc-spec-type-issuer"></a>&#x2022; [`issuer`](#okta-oidc-spec-type-issuer) - Optional String<br>Issuer. The issuer identifier for the issuer of the response. If not provided, no validation will be performed
+
+<a id="okta-oidc-spec-type-jwks-url"></a>&#x2022; [`jwks_url`](#okta-oidc-spec-type-jwks-url) - Optional String<br>JWKS URL. URL where identity provider keys in JWK format are stored
+
+<a id="okta-oidc-spec-type-logout-url"></a>&#x2022; [`logout_url`](#okta-oidc-spec-type-logout-url) - Optional String<br>Logout URL. Logout URL specified in your OIDC application
+
+<a id="okta-oidc-spec-type-prompt"></a>&#x2022; [`prompt`](#okta-oidc-spec-type-prompt) - Optional String<br>Possible values are `UNSPECIFIED`, `NONE`, `CONSENT`, `LOGIN`, `SELECT_ACCOUNT`<br>[Enum: UNSPECIFIED|NONE|CONSENT|LOGIN|SELECT_ACCOUNT] Prompt Type. Type of prompt authorization server for end-user reauthentication and consent default value for no prompt. when this is set, no prompt parameter will be set on authorization request. The Authorization Server will not display any authentication or consent user interface page. The Authorization Server prompts the End-User for consent before returning information to the Client The Authorization Server prompts the End-User for reauthentication. The Authorization Server prompts the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for
+
+<a id="okta-oidc-spec-type-token-url"></a>&#x2022; [`token_url`](#okta-oidc-spec-type-token-url) - Optional String<br>Token URL. The token URL of your OIDC application
+
+<a id="okta-oidc-spec-type-user-info-url"></a>&#x2022; [`user_info_url`](#okta-oidc-spec-type-user-info-url) - Optional String<br>User Info URL. The User Info URL specified in your OIDC application
+
+#### Timeouts
+
+A [`timeouts`](#timeouts) block supports the following:
+
+<a id="timeouts-create"></a>&#x2022; [`create`](#timeouts-create) - Optional String (Defaults to `10 minutes`)<br>Used when creating the resource
+
+<a id="timeouts-delete"></a>&#x2022; [`delete`](#timeouts-delete) - Optional String (Defaults to `10 minutes`)<br>Used when deleting the resource
+
+<a id="timeouts-read"></a>&#x2022; [`read`](#timeouts-read) - Optional String (Defaults to `5 minutes`)<br>Used when retrieving the resource
+
+<a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+
+---
+
+## Common Types
+
+The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
+
+### Object Reference {#common-object-reference}
+
+Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format `tenant/namespace/name`.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `name` | String | Name of the referenced object |
+| `namespace` | String | Namespace containing the referenced object |
+| `tenant` | String | Tenant of the referenced object (system-managed) |
+
+### Transformers {#common-transformers}
+
+Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
+
+| Value | Description |
+| ----- | ----------- |
+| `LOWER_CASE` | Convert to lowercase |
+| `UPPER_CASE` | Convert to uppercase |
+| `BASE64_DECODE` | Decode base64 content |
+| `NORMALIZE_PATH` | Normalize URL path |
+| `REMOVE_WHITESPACE` | Remove whitespace characters |
+| `URL_DECODE` | Decode URL-encoded characters |
+| `TRIM_LEFT` | Trim leading whitespace |
+| `TRIM_RIGHT` | Trim trailing whitespace |
+| `TRIM` | Trim both leading and trailing whitespace |
+
+### HTTP Methods {#common-http-methods}
+
+HTTP methods used for request matching.
+
+| Value | Description |
+| ----- | ----------- |
+| `ANY` | Match any HTTP method |
+| `GET` | HTTP GET request |
+| `HEAD` | HTTP HEAD request |
+| `POST` | HTTP POST request |
+| `PUT` | HTTP PUT request |
+| `DELETE` | HTTP DELETE request |
+| `CONNECT` | HTTP CONNECT request |
+| `OPTIONS` | HTTP OPTIONS request |
+| `TRACE` | HTTP TRACE request |
+| `PATCH` | HTTP PATCH request |
+| `COPY` | HTTP COPY request (WebDAV) |
+
+### TLS Fingerprints {#common-tls-fingerprints}
+
+TLS fingerprint categories for malicious client detection.
+
+| Value | Description |
+| ----- | ----------- |
+| `TLS_FINGERPRINT_NONE` | No fingerprint matching |
+| `ANY_MALICIOUS_FINGERPRINT` | Match any known malicious fingerprint |
+| `ADWARE` | Adware-associated fingerprints |
+| `DRIDEX` | Dridex malware fingerprints |
+| `GOOTKIT` | Gootkit malware fingerprints |
+| `RANSOMWARE` | Ransomware-associated fingerprints |
+| `TRICKBOT` | Trickbot malware fingerprints |
+
+### IP Threat Categories {#common-ip-threat-categories}
+
+IP address threat categories for security filtering.
+
+| Value | Description |
+| ----- | ----------- |
+| `SPAM_SOURCES` | Known spam sources |
+| `WINDOWS_EXPLOITS` | Windows exploit sources |
+| `WEB_ATTACKS` | Web attack sources |
+| `BOTNETS` | Known botnet IPs |
+| `SCANNERS` | Network scanner IPs |
+| `REPUTATION` | Poor reputation IPs |
+| `PHISHING` | Phishing-related IPs |
+| `PROXY` | Anonymous proxy IPs |
+| `MOBILE_THREATS` | Mobile threat sources |
+| `TOR_PROXY` | Tor exit nodes |
+| `DENIAL_OF_SERVICE` | DoS attack sources |
+| `NETWORK` | Known bad network ranges |
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Import using namespace/name format
+terraform import f5xc_oidc_provider.example system/example
+```

package/dist/docs/resources/quota.md

@@ -0,0 +1,187 @@
+---
+page_title: "f5xc_quota Resource - terraform-provider-f5xc"
+subcategory: "Organization"
+description: |-
+  Manages quota creates a given object from storage backend for metadata.namespace. in F5 Distributed Cloud.
+---
+
+# f5xc_quota (Resource)
+
+Manages quota creates a given object from storage backend for metadata.namespace. in F5 Distributed Cloud.
+
+~> **Note** For more information about this resource, please refer to the [F5 XC API Documentation](https://docs.cloud.f5.com/docs/api/).
+
+## Example Usage
+
+```terraform
+# Quota Resource Example
+# Manages quota creates a given object from storage backend for metadata.namespace. in F5 Distributed Cloud.
+
+# Basic Quota configuration
+resource "f5xc_quota" "example" {
+  name      = "example-quota"
+  namespace = "staging"
+
+  labels = {
+    environment = "production"
+    managed_by  = "terraform"
+  }
+
+  annotations = {
+    "owner" = "platform-team"
+  }
+
+  # Resource-specific configuration
+  # API Limits. API Limits defines ratelimit parameters for a...
+  api_limits {
+    # Configure api_limits settings
+  }
+  # Object Limits. Object Limits define maximum number of ins...
+  object_limits {
+    # Configure object_limits settings
+  }
+  # Resource Limits. Resource Limits define maximum value of ...
+  resource_limits {
+    # Configure resource_limits settings
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Argument Reference
+
+### Metadata Argument Reference
+
+<a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the Quota. Must be unique within the namespace
+
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Required String<br>Namespace where the Quota will be created
+
+<a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
+
+<a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
+
+<a id="disable"></a>&#x2022; [`disable`](#disable) - Optional Bool<br>A value of true will administratively disable the object
+
+<a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
+
+### Spec Argument Reference
+
+<a id="api-limits"></a>&#x2022; [`api_limits`](#api-limits) - Optional Block<br>API Limits. API Limits defines ratelimit parameters for an API at the stdlib service The key of the api_limits map is rpc FQN e.g. 'ves.io.schema.advertise_policy.API.Create'
+
+<a id="object-limits"></a>&#x2022; [`object_limits`](#object-limits) - Optional Block<br>Object Limits. Object Limits define maximum number of instances that can be present per object kind for the tenant The key of the object_limits map is object kind e.g. 'virtual_host'
+
+<a id="resource-limits"></a>&#x2022; [`resource_limits`](#resource-limits) - Optional Block<br>Resource Limits. Resource Limits define maximum value of resources in the appropriate units that can be present. The key of the resource limits is the resource name
+
+<a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block<br>See [Timeouts](#timeouts) below for details.
+
+### Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+<a id="id"></a>&#x2022; [`id`](#id) - Optional String<br>Unique identifier for the resource
+
+---
+
+#### Timeouts
+
+A [`timeouts`](#timeouts) block supports the following:
+
+<a id="timeouts-create"></a>&#x2022; [`create`](#timeouts-create) - Optional String (Defaults to `10 minutes`)<br>Used when creating the resource
+
+<a id="timeouts-delete"></a>&#x2022; [`delete`](#timeouts-delete) - Optional String (Defaults to `10 minutes`)<br>Used when deleting the resource
+
+<a id="timeouts-read"></a>&#x2022; [`read`](#timeouts-read) - Optional String (Defaults to `5 minutes`)<br>Used when retrieving the resource
+
+<a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+
+---
+
+## Common Types
+
+The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
+
+### Object Reference {#common-object-reference}
+
+Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format `tenant/namespace/name`.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `name` | String | Name of the referenced object |
+| `namespace` | String | Namespace containing the referenced object |
+| `tenant` | String | Tenant of the referenced object (system-managed) |
+
+### Transformers {#common-transformers}
+
+Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
+
+| Value | Description |
+| ----- | ----------- |
+| `LOWER_CASE` | Convert to lowercase |
+| `UPPER_CASE` | Convert to uppercase |
+| `BASE64_DECODE` | Decode base64 content |
+| `NORMALIZE_PATH` | Normalize URL path |
+| `REMOVE_WHITESPACE` | Remove whitespace characters |
+| `URL_DECODE` | Decode URL-encoded characters |
+| `TRIM_LEFT` | Trim leading whitespace |
+| `TRIM_RIGHT` | Trim trailing whitespace |
+| `TRIM` | Trim both leading and trailing whitespace |
+
+### HTTP Methods {#common-http-methods}
+
+HTTP methods used for request matching.
+
+| Value | Description |
+| ----- | ----------- |
+| `ANY` | Match any HTTP method |
+| `GET` | HTTP GET request |
+| `HEAD` | HTTP HEAD request |
+| `POST` | HTTP POST request |
+| `PUT` | HTTP PUT request |
+| `DELETE` | HTTP DELETE request |
+| `CONNECT` | HTTP CONNECT request |
+| `OPTIONS` | HTTP OPTIONS request |
+| `TRACE` | HTTP TRACE request |
+| `PATCH` | HTTP PATCH request |
+| `COPY` | HTTP COPY request (WebDAV) |
+
+### TLS Fingerprints {#common-tls-fingerprints}
+
+TLS fingerprint categories for malicious client detection.
+
+| Value | Description |
+| ----- | ----------- |
+| `TLS_FINGERPRINT_NONE` | No fingerprint matching |
+| `ANY_MALICIOUS_FINGERPRINT` | Match any known malicious fingerprint |
+| `ADWARE` | Adware-associated fingerprints |
+| `DRIDEX` | Dridex malware fingerprints |
+| `GOOTKIT` | Gootkit malware fingerprints |
+| `RANSOMWARE` | Ransomware-associated fingerprints |
+| `TRICKBOT` | Trickbot malware fingerprints |
+
+### IP Threat Categories {#common-ip-threat-categories}
+
+IP address threat categories for security filtering.
+
+| Value | Description |
+| ----- | ----------- |
+| `SPAM_SOURCES` | Known spam sources |
+| `WINDOWS_EXPLOITS` | Windows exploit sources |
+| `WEB_ATTACKS` | Web attack sources |
+| `BOTNETS` | Known botnet IPs |
+| `SCANNERS` | Network scanner IPs |
+| `REPUTATION` | Poor reputation IPs |
+| `PHISHING` | Phishing-related IPs |
+| `PROXY` | Anonymous proxy IPs |
+| `MOBILE_THREATS` | Mobile threat sources |
+| `TOR_PROXY` | Tor exit nodes |
+| `DENIAL_OF_SERVICE` | DoS attack sources |
+| `NETWORK` | Known bad network ranges |
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Import using namespace/name format
+terraform import f5xc_quota.example system/example
+```