@robinmordasiewicz/f5xc-terraform-mcp 3.0.1 → 3.1.0

package/dist/docs/resources/k8s_pod_security_policy.md

@@ -0,0 +1,337 @@
+---
+page_title: "f5xc_k8s_pod_security_policy Resource - terraform-provider-f5xc"
+subcategory: "Security"
+description: |-
+  Manages k8s_pod_security_policy will create the object in the storage backend for namespace metadata.namespace in F5 Distributed Cloud.
+---
+
+# f5xc_k8s_pod_security_policy (Resource)
+
+Manages k8s_pod_security_policy will create the object in the storage backend for namespace metadata.namespace in F5 Distributed Cloud.
+
+~> **Note** For more information about this resource, please refer to the [F5 XC API Documentation](https://docs.cloud.f5.com/docs/api/).
+
+## Example Usage
+
+```terraform
+# K8S Pod Security Policy Resource Example
+# Manages k8s_pod_security_policy will create the object in the storage backend for namespace metadata.namespace in F5 Distributed Cloud.
+
+# Basic K8S Pod Security Policy configuration
+resource "f5xc_k8s_pod_security_policy" "example" {
+  name      = "example-k8s-pod-security-policy"
+  namespace = "staging"
+
+  labels = {
+    environment = "production"
+    managed_by  = "terraform"
+  }
+
+  annotations = {
+    "owner" = "platform-team"
+  }
+
+  # Resource-specific configuration
+  # [OneOf: psp_spec, yaml] Pod Security Policy Specification...
+  psp_spec {
+    # Configure psp_spec settings
+  }
+  # Capability List. List of capabilities that docker contain...
+  allowed_capabilities {
+    # Configure allowed_capabilities settings
+  }
+  # Allowed Host Paths. Restrict list of host paths, default ...
+  allowed_host_paths {
+    # Configure allowed_host_paths settings
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Argument Reference
+
+### Metadata Argument Reference
+
+<a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the K8S Pod Security Policy. Must be unique within the namespace
+
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Required String<br>Namespace where the K8S Pod Security Policy will be created
+
+<a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
+
+<a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
+
+<a id="disable"></a>&#x2022; [`disable`](#disable) - Optional Bool<br>A value of true will administratively disable the object
+
+<a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
+
+### Spec Argument Reference
+
+-> **One of the following:**
+&#x2022; <a id="psp-spec"></a>[`psp_spec`](#psp-spec) - Optional Block<br>Pod Security Policy Specification. Form based pod security specification<br>See [Psp Spec](#psp-spec) below for details.
+<br><br>&#x2022; <a id="yaml"></a>[`yaml`](#yaml) - Optional String<br>K8S YAML. K8S YAML for Pod Security Policy
+
+<a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block<br>See [Timeouts](#timeouts) below for details.
+
+### Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+<a id="id"></a>&#x2022; [`id`](#id) - Optional String<br>Unique identifier for the resource
+
+---
+
+#### Psp Spec
+
+A [`psp_spec`](#psp-spec) block supports the following:
+
+<a id="psp-spec-allow-privilege-escalation"></a>&#x2022; [`allow_privilege_escalation`](#psp-spec-allow-privilege-escalation) - Optional Bool<br>Allow Privilege Escalation. Pod can request to privilege escalation
+
+<a id="psp-spec-allowed-capabilities"></a>&#x2022; [`allowed_capabilities`](#psp-spec-allowed-capabilities) - Optional Block<br>Capability List. List of capabilities that docker container has<br>See [Allowed Capabilities](#psp-spec-allowed-capabilities) below.
+
+<a id="psp-spec-allowed-csi-drivers"></a>&#x2022; [`allowed_csi_drivers`](#psp-spec-allowed-csi-drivers) - Optional List<br>Allowed CSI drivers. Restrict the available CSI drivers for POD, default all drivers are available
+
+<a id="psp-spec-allowed-flex-volumes"></a>&#x2022; [`allowed_flex_volumes`](#psp-spec-allowed-flex-volumes) - Optional List<br>Allowed Flex Volumes. Restrict list of Flex volumes, default all volumes are allowed
+
+<a id="psp-spec-allowed-host-paths"></a>&#x2022; [`allowed_host_paths`](#psp-spec-allowed-host-paths) - Optional Block<br>Allowed Host Paths. Restrict list of host paths, default all host paths are allowed<br>See [Allowed Host Paths](#psp-spec-allowed-host-paths) below.
+
+<a id="psp-spec-allowed-proc-mounts"></a>&#x2022; [`allowed_proc_mounts`](#psp-spec-allowed-proc-mounts) - Optional List<br>Allowed Proc Mounts. allowed list of proc mounts, empty list allows default proc mounts
+
+<a id="psp-spec-allowed-unsafe-sysctls"></a>&#x2022; [`allowed_unsafe_sysctls`](#psp-spec-allowed-unsafe-sysctls) - Optional List<br>Allowed Unsafe Sysctls. allowed list of unsafe sysctls, empty list allows none. supports prefix reg-ex
+
+<a id="escalation-d3a7ab"></a>&#x2022; [`default_allow_privilege_escalation`](#escalation-d3a7ab) - Optional Bool<br>Default Allow Privilege Escalation. Pod has permission for privilege escalation by default
+
+<a id="psp-spec-default-capabilities"></a>&#x2022; [`default_capabilities`](#psp-spec-default-capabilities) - Optional Block<br>Capability List. List of capabilities that docker container has<br>See [Default Capabilities](#psp-spec-default-capabilities) below.
+
+<a id="psp-spec-drop-capabilities"></a>&#x2022; [`drop_capabilities`](#psp-spec-drop-capabilities) - Optional Block<br>Capability List. List of capabilities that docker container has<br>See [Drop Capabilities](#psp-spec-drop-capabilities) below.
+
+<a id="psp-spec-forbidden-sysctls"></a>&#x2022; [`forbidden_sysctls`](#psp-spec-forbidden-sysctls) - Optional List<br>Forbidden Sysctls. Forbidden list of sysctls, empty list forbids none. supports prefix reg-ex
+
+<a id="psp-spec-fs-group-strategy-options"></a>&#x2022; [`fs_group_strategy_options`](#psp-spec-fs-group-strategy-options) - Optional Block<br>ID(User,Group,FSGroup) Strategy. ID ranges and rules<br>See [Fs Group Strategy Options](#psp-spec-fs-group-strategy-options) below.
+
+<a id="psp-spec-host-ipc"></a>&#x2022; [`host_ipc`](#psp-spec-host-ipc) - Optional Bool<br>Host IPC. Host IPC determines if the policy allows the use of host IPC in the pod spec
+
+<a id="psp-spec-host-network"></a>&#x2022; [`host_network`](#psp-spec-host-network) - Optional Bool<br>Host Network. Host Network determines if the policy allows the use of host network in the pod spec
+
+<a id="psp-spec-host-pid"></a>&#x2022; [`host_pid`](#psp-spec-host-pid) - Optional Bool<br>Host PID. Host PID determines if the policy allows the use of host PID in the pod spec
+
+<a id="psp-spec-host-port-ranges"></a>&#x2022; [`host_port_ranges`](#psp-spec-host-port-ranges) - Optional String<br>Host Ports Ranges. Host port ranges determines which ports ranges are allowed to be exposed
+
+<a id="psp-spec-no-allowed-capabilities"></a>&#x2022; [`no_allowed_capabilities`](#psp-spec-no-allowed-capabilities) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-default-capabilities"></a>&#x2022; [`no_default_capabilities`](#psp-spec-no-default-capabilities) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-drop-capabilities"></a>&#x2022; [`no_drop_capabilities`](#psp-spec-no-drop-capabilities) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-fs-groups"></a>&#x2022; [`no_fs_groups`](#psp-spec-no-fs-groups) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-run-as-group"></a>&#x2022; [`no_run_as_group`](#psp-spec-no-run-as-group) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-run-as-user"></a>&#x2022; [`no_run_as_user`](#psp-spec-no-run-as-user) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-runtime-class"></a>&#x2022; [`no_runtime_class`](#psp-spec-no-runtime-class) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-se-linux-options"></a>&#x2022; [`no_se_linux_options`](#psp-spec-no-se-linux-options) - Optional Block<br>Enable this option
+
+<a id="psp-spec-no-supplemental-groups"></a>&#x2022; [`no_supplemental_groups`](#psp-spec-no-supplemental-groups) - Optional Block<br>Enable this option
+
+<a id="psp-spec-privileged"></a>&#x2022; [`privileged`](#psp-spec-privileged) - Optional Bool<br>Privileged. Privileged determines if a pod can request to be run as privileged
+
+<a id="psp-spec-read-only-root-filesystem"></a>&#x2022; [`read_only_root_filesystem`](#psp-spec-read-only-root-filesystem) - Optional Bool<br>Read Only Root Filesystem. Containers can only run with read only root filesystem
+
+<a id="psp-spec-run-as-group"></a>&#x2022; [`run_as_group`](#psp-spec-run-as-group) - Optional Block<br>ID(User,Group,FSGroup) Strategy. ID ranges and rules<br>See [Run As Group](#psp-spec-run-as-group) below.
+
+<a id="psp-spec-run-as-user"></a>&#x2022; [`run_as_user`](#psp-spec-run-as-user) - Optional Block<br>ID(User,Group,FSGroup) Strategy. ID ranges and rules<br>See [Run As User](#psp-spec-run-as-user) below.
+
+<a id="psp-spec-supplemental-groups"></a>&#x2022; [`supplemental_groups`](#psp-spec-supplemental-groups) - Optional Block<br>ID(User,Group,FSGroup) Strategy. ID ranges and rules<br>See [Supplemental Groups](#psp-spec-supplemental-groups) below.
+
+<a id="psp-spec-volumes"></a>&#x2022; [`volumes`](#psp-spec-volumes) - Optional List<br>Volume. Allow List of volume plugins. Empty no volumes are allowed
+
+#### Psp Spec Allowed Capabilities
+
+An [`allowed_capabilities`](#psp-spec-allowed-capabilities) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="capabilities-e66bba"></a>&#x2022; [`capabilities`](#capabilities-e66bba) - Optional List<br>Capability List. List of capabilities that docker container has
+
+#### Psp Spec Allowed Host Paths
+
+An [`allowed_host_paths`](#psp-spec-allowed-host-paths) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="psp-spec-allowed-host-paths-path-prefix"></a>&#x2022; [`path_prefix`](#psp-spec-allowed-host-paths-path-prefix) - Optional String<br>Host Path Prefix. Host path prefix is the path prefix that the host volume must match. It does not support \*
+
+<a id="psp-spec-allowed-host-paths-read-only"></a>&#x2022; [`read_only`](#psp-spec-allowed-host-paths-read-only) - Optional Bool<br>Read Only. This volume will be allowed to mount read only
+
+#### Psp Spec Default Capabilities
+
+A [`default_capabilities`](#psp-spec-default-capabilities) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="capabilities-15b1b9"></a>&#x2022; [`capabilities`](#capabilities-15b1b9) - Optional List<br>Capability List. List of capabilities that docker container has
+
+#### Psp Spec Drop Capabilities
+
+A [`drop_capabilities`](#psp-spec-drop-capabilities) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="psp-spec-drop-capabilities-capabilities"></a>&#x2022; [`capabilities`](#psp-spec-drop-capabilities-capabilities) - Optional List<br>Capability List. List of capabilities that docker container has
+
+#### Psp Spec Fs Group Strategy Options
+
+A [`fs_group_strategy_options`](#psp-spec-fs-group-strategy-options) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="ranges-e5468c"></a>&#x2022; [`id_ranges`](#ranges-e5468c) - Optional Block<br>ID Ranges. List of range of ID(s)<br>See [ID Ranges](#ranges-e5468c) below.
+
+<a id="psp-spec-fs-group-strategy-options-rule"></a>&#x2022; [`rule`](#psp-spec-fs-group-strategy-options-rule) - Optional String<br>Rule. Rule indicated how the FS group ID range is used
+
+#### Psp Spec Fs Group Strategy Options ID Ranges
+
+<a id="deep-9e04ba"></a>Deeply nested **Ranges** block collapsed for readability.
+
+#### Psp Spec Run As Group
+
+A [`run_as_group`](#psp-spec-run-as-group) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="psp-spec-run-as-group-id-ranges"></a>&#x2022; [`id_ranges`](#psp-spec-run-as-group-id-ranges) - Optional Block<br>ID Ranges. List of range of ID(s)<br>See [ID Ranges](#psp-spec-run-as-group-id-ranges) below.
+
+<a id="psp-spec-run-as-group-rule"></a>&#x2022; [`rule`](#psp-spec-run-as-group-rule) - Optional String<br>Rule. Rule indicated how the FS group ID range is used
+
+#### Psp Spec Run As Group ID Ranges
+
+An [`id_ranges`](#psp-spec-run-as-group-id-ranges) block (within [`psp_spec.run_as_group`](#psp-spec-run-as-group)) supports the following:
+
+<a id="psp-spec-run-as-group-id-ranges-max-id"></a>&#x2022; [`max_id`](#psp-spec-run-as-group-id-ranges-max-id) - Optional Number<br>Ending ID. Ending(maximum) ID for for ID range
+
+<a id="psp-spec-run-as-group-id-ranges-min-id"></a>&#x2022; [`min_id`](#psp-spec-run-as-group-id-ranges-min-id) - Optional Number<br>Starting ID. Starting(minimum) ID for for ID range
+
+#### Psp Spec Run As User
+
+A [`run_as_user`](#psp-spec-run-as-user) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="psp-spec-run-as-user-id-ranges"></a>&#x2022; [`id_ranges`](#psp-spec-run-as-user-id-ranges) - Optional Block<br>ID Ranges. List of range of ID(s)<br>See [ID Ranges](#psp-spec-run-as-user-id-ranges) below.
+
+<a id="psp-spec-run-as-user-rule"></a>&#x2022; [`rule`](#psp-spec-run-as-user-rule) - Optional String<br>Rule. Rule indicated how the FS group ID range is used
+
+#### Psp Spec Run As User ID Ranges
+
+An [`id_ranges`](#psp-spec-run-as-user-id-ranges) block (within [`psp_spec.run_as_user`](#psp-spec-run-as-user)) supports the following:
+
+<a id="psp-spec-run-as-user-id-ranges-max-id"></a>&#x2022; [`max_id`](#psp-spec-run-as-user-id-ranges-max-id) - Optional Number<br>Ending ID. Ending(maximum) ID for for ID range
+
+<a id="psp-spec-run-as-user-id-ranges-min-id"></a>&#x2022; [`min_id`](#psp-spec-run-as-user-id-ranges-min-id) - Optional Number<br>Starting ID. Starting(minimum) ID for for ID range
+
+#### Psp Spec Supplemental Groups
+
+A [`supplemental_groups`](#psp-spec-supplemental-groups) block (within [`psp_spec`](#psp-spec)) supports the following:
+
+<a id="psp-spec-supplemental-groups-id-ranges"></a>&#x2022; [`id_ranges`](#psp-spec-supplemental-groups-id-ranges) - Optional Block<br>ID Ranges. List of range of ID(s)<br>See [ID Ranges](#psp-spec-supplemental-groups-id-ranges) below.
+
+<a id="psp-spec-supplemental-groups-rule"></a>&#x2022; [`rule`](#psp-spec-supplemental-groups-rule) - Optional String<br>Rule. Rule indicated how the FS group ID range is used
+
+#### Psp Spec Supplemental Groups ID Ranges
+
+An [`id_ranges`](#psp-spec-supplemental-groups-id-ranges) block (within [`psp_spec.supplemental_groups`](#psp-spec-supplemental-groups)) supports the following:
+
+<a id="max-id-83c629"></a>&#x2022; [`max_id`](#max-id-83c629) - Optional Number<br>Ending ID. Ending(maximum) ID for for ID range
+
+<a id="min-id-9f7a47"></a>&#x2022; [`min_id`](#min-id-9f7a47) - Optional Number<br>Starting ID. Starting(minimum) ID for for ID range
+
+#### Timeouts
+
+A [`timeouts`](#timeouts) block supports the following:
+
+<a id="timeouts-create"></a>&#x2022; [`create`](#timeouts-create) - Optional String (Defaults to `10 minutes`)<br>Used when creating the resource
+
+<a id="timeouts-delete"></a>&#x2022; [`delete`](#timeouts-delete) - Optional String (Defaults to `10 minutes`)<br>Used when deleting the resource
+
+<a id="timeouts-read"></a>&#x2022; [`read`](#timeouts-read) - Optional String (Defaults to `5 minutes`)<br>Used when retrieving the resource
+
+<a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+
+---
+
+## Common Types
+
+The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
+
+### Object Reference {#common-object-reference}
+
+Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format `tenant/namespace/name`.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `name` | String | Name of the referenced object |
+| `namespace` | String | Namespace containing the referenced object |
+| `tenant` | String | Tenant of the referenced object (system-managed) |
+
+### Transformers {#common-transformers}
+
+Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
+
+| Value | Description |
+| ----- | ----------- |
+| `LOWER_CASE` | Convert to lowercase |
+| `UPPER_CASE` | Convert to uppercase |
+| `BASE64_DECODE` | Decode base64 content |
+| `NORMALIZE_PATH` | Normalize URL path |
+| `REMOVE_WHITESPACE` | Remove whitespace characters |
+| `URL_DECODE` | Decode URL-encoded characters |
+| `TRIM_LEFT` | Trim leading whitespace |
+| `TRIM_RIGHT` | Trim trailing whitespace |
+| `TRIM` | Trim both leading and trailing whitespace |
+
+### HTTP Methods {#common-http-methods}
+
+HTTP methods used for request matching.
+
+| Value | Description |
+| ----- | ----------- |
+| `ANY` | Match any HTTP method |
+| `GET` | HTTP GET request |
+| `HEAD` | HTTP HEAD request |
+| `POST` | HTTP POST request |
+| `PUT` | HTTP PUT request |
+| `DELETE` | HTTP DELETE request |
+| `CONNECT` | HTTP CONNECT request |
+| `OPTIONS` | HTTP OPTIONS request |
+| `TRACE` | HTTP TRACE request |
+| `PATCH` | HTTP PATCH request |
+| `COPY` | HTTP COPY request (WebDAV) |
+
+### TLS Fingerprints {#common-tls-fingerprints}
+
+TLS fingerprint categories for malicious client detection.
+
+| Value | Description |
+| ----- | ----------- |
+| `TLS_FINGERPRINT_NONE` | No fingerprint matching |
+| `ANY_MALICIOUS_FINGERPRINT` | Match any known malicious fingerprint |
+| `ADWARE` | Adware-associated fingerprints |
+| `DRIDEX` | Dridex malware fingerprints |
+| `GOOTKIT` | Gootkit malware fingerprints |
+| `RANSOMWARE` | Ransomware-associated fingerprints |
+| `TRICKBOT` | Trickbot malware fingerprints |
+
+### IP Threat Categories {#common-ip-threat-categories}
+
+IP address threat categories for security filtering.
+
+| Value | Description |
+| ----- | ----------- |
+| `SPAM_SOURCES` | Known spam sources |
+| `WINDOWS_EXPLOITS` | Windows exploit sources |
+| `WEB_ATTACKS` | Web attack sources |
+| `BOTNETS` | Known botnet IPs |
+| `SCANNERS` | Network scanner IPs |
+| `REPUTATION` | Poor reputation IPs |
+| `PHISHING` | Phishing-related IPs |
+| `PROXY` | Anonymous proxy IPs |
+| `MOBILE_THREATS` | Mobile threat sources |
+| `TOR_PROXY` | Tor exit nodes |
+| `DENIAL_OF_SERVICE` | DoS attack sources |
+| `NETWORK` | Known bad network ranges |
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Import using namespace/name format
+terraform import f5xc_k8s_pod_security_policy.example system/example
+```

package/dist/docs/resources/managed_tenant.md

@@ -0,0 +1,193 @@
+---
+page_title: "f5xc_managed_tenant Resource - terraform-provider-f5xc"
+subcategory: "Organization"
+description: |-
+  Manages managed_tenant config instance. Name of the object is name of the tenant that is allowed to manage. in F5 Distributed Cloud.
+---
+
+# f5xc_managed_tenant (Resource)
+
+Manages managed_tenant config instance. Name of the object is name of the tenant that is allowed to manage. in F5 Distributed Cloud.
+
+~> **Note** For more information about this resource, please refer to the [F5 XC API Documentation](https://docs.cloud.f5.com/docs/api/).
+
+## Example Usage
+
+```terraform
+# Managed Tenant Resource Example
+# Manages managed_tenant config instance. Name of the object is name of the tenant that is allowed to manage. in F5 Distributed Cloud.
+
+# Basic Managed Tenant configuration
+resource "f5xc_managed_tenant" "example" {
+  name      = "example-managed-tenant"
+  namespace = "staging"
+
+  labels = {
+    environment = "production"
+    managed_by  = "terraform"
+  }
+
+  annotations = {
+    "owner" = "platform-team"
+  }
+
+  # Resource-specific configuration
+  # Group Mapping. List of local user group association to us...
+  groups {
+    # Configure groups settings
+  }
+  # Object reference. This type establishes a direct referenc...
+  group {
+    # Configure group settings
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Argument Reference
+
+### Metadata Argument Reference
+
+<a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the Managed Tenant. Must be unique within the namespace
+
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Required String<br>Namespace where the Managed Tenant will be created
+
+<a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
+
+<a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
+
+<a id="disable"></a>&#x2022; [`disable`](#disable) - Optional Bool<br>A value of true will administratively disable the object
+
+<a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
+
+### Spec Argument Reference
+
+<a id="groups"></a>&#x2022; [`groups`](#groups) - Optional Block<br>Group Mapping. List of local user group association to user groups in the managed tenant specified in the tenant_choice<br>See [Groups](#groups) below for details.
+
+<a id="tenant-id"></a>&#x2022; [`tenant_id`](#tenant-id) - Optional String<br>Managed Tenant ID. Specify the Tenant ID of the existing tenant which needs to be managed. User can select Tenant ID from dropdown if managed tenant has already configured delegated access or manually input the Tenant ID if managed tenant configuration will happen in future
+
+<a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block<br>See [Timeouts](#timeouts) below for details.
+
+### Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+<a id="id"></a>&#x2022; [`id`](#id) - Optional String<br>Unique identifier for the resource
+
+---
+
+#### Groups
+
+A [`groups`](#groups) block supports the following:
+
+<a id="groups-group"></a>&#x2022; [`group`](#groups-group) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Group](#groups-group) below.
+
+<a id="groups-managed-tenant-groups"></a>&#x2022; [`managed_tenant_groups`](#groups-managed-tenant-groups) - Optional List<br>Managed Tenant Groups. List of group names in managed tenant (MT). Note - To properly establish access, admin of managed tenant need to create corresponding Allowed Tenant configuration object with access to use same group names. Once it's setup, when user from original tenant access managed tenant, underlying roles from managed tenant will be applied to user
+
+#### Groups Group
+
+<a id="objref-8dbe1b"></a>Uses standard [Object Reference](#common-object-reference) fields (name, namespace, tenant).
+
+#### Timeouts
+
+A [`timeouts`](#timeouts) block supports the following:
+
+<a id="timeouts-create"></a>&#x2022; [`create`](#timeouts-create) - Optional String (Defaults to `10 minutes`)<br>Used when creating the resource
+
+<a id="timeouts-delete"></a>&#x2022; [`delete`](#timeouts-delete) - Optional String (Defaults to `10 minutes`)<br>Used when deleting the resource
+
+<a id="timeouts-read"></a>&#x2022; [`read`](#timeouts-read) - Optional String (Defaults to `5 minutes`)<br>Used when retrieving the resource
+
+<a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+
+---
+
+## Common Types
+
+The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
+
+### Object Reference {#common-object-reference}
+
+Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format `tenant/namespace/name`.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `name` | String | Name of the referenced object |
+| `namespace` | String | Namespace containing the referenced object |
+| `tenant` | String | Tenant of the referenced object (system-managed) |
+
+### Transformers {#common-transformers}
+
+Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
+
+| Value | Description |
+| ----- | ----------- |
+| `LOWER_CASE` | Convert to lowercase |
+| `UPPER_CASE` | Convert to uppercase |
+| `BASE64_DECODE` | Decode base64 content |
+| `NORMALIZE_PATH` | Normalize URL path |
+| `REMOVE_WHITESPACE` | Remove whitespace characters |
+| `URL_DECODE` | Decode URL-encoded characters |
+| `TRIM_LEFT` | Trim leading whitespace |
+| `TRIM_RIGHT` | Trim trailing whitespace |
+| `TRIM` | Trim both leading and trailing whitespace |
+
+### HTTP Methods {#common-http-methods}
+
+HTTP methods used for request matching.
+
+| Value | Description |
+| ----- | ----------- |
+| `ANY` | Match any HTTP method |
+| `GET` | HTTP GET request |
+| `HEAD` | HTTP HEAD request |
+| `POST` | HTTP POST request |
+| `PUT` | HTTP PUT request |
+| `DELETE` | HTTP DELETE request |
+| `CONNECT` | HTTP CONNECT request |
+| `OPTIONS` | HTTP OPTIONS request |
+| `TRACE` | HTTP TRACE request |
+| `PATCH` | HTTP PATCH request |
+| `COPY` | HTTP COPY request (WebDAV) |
+
+### TLS Fingerprints {#common-tls-fingerprints}
+
+TLS fingerprint categories for malicious client detection.
+
+| Value | Description |
+| ----- | ----------- |
+| `TLS_FINGERPRINT_NONE` | No fingerprint matching |
+| `ANY_MALICIOUS_FINGERPRINT` | Match any known malicious fingerprint |
+| `ADWARE` | Adware-associated fingerprints |
+| `DRIDEX` | Dridex malware fingerprints |
+| `GOOTKIT` | Gootkit malware fingerprints |
+| `RANSOMWARE` | Ransomware-associated fingerprints |
+| `TRICKBOT` | Trickbot malware fingerprints |
+
+### IP Threat Categories {#common-ip-threat-categories}
+
+IP address threat categories for security filtering.
+
+| Value | Description |
+| ----- | ----------- |
+| `SPAM_SOURCES` | Known spam sources |
+| `WINDOWS_EXPLOITS` | Windows exploit sources |
+| `WEB_ATTACKS` | Web attack sources |
+| `BOTNETS` | Known botnet IPs |
+| `SCANNERS` | Network scanner IPs |
+| `REPUTATION` | Poor reputation IPs |
+| `PHISHING` | Phishing-related IPs |
+| `PROXY` | Anonymous proxy IPs |
+| `MOBILE_THREATS` | Mobile threat sources |
+| `TOR_PROXY` | Tor exit nodes |
+| `DENIAL_OF_SERVICE` | DoS attack sources |
+| `NETWORK` | Known bad network ranges |
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Import using namespace/name format
+terraform import f5xc_managed_tenant.example system/example
+```