npm - @robinmordasiewicz/f5xc-terraform-mcp - Versions diffs - 3.4.0 → 3.5.1 - Mend

@robinmordasiewicz/f5xc-terraform-mcp 3.4.0 → 3.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/README.md +283 -104
package/dist/docs/data-sources/bgp.md +2 -2
package/dist/docs/data-sources/discovery.md +2 -2
package/dist/docs/data-sources/site.md +2 -2
package/dist/docs/index.md +276 -0
package/dist/docs/resources/bgp.md +205 -37
package/dist/docs/resources/discovery.md +259 -8
package/dist/docs/resources/securemesh_site.md +253 -1614
package/dist/docs/resources/site.md +200 -911
package/dist/index.d.ts +2 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +75 -4
package/dist/index.js.map +1 -1
package/dist/metadata/error-patterns.json +192 -0
package/dist/metadata/resource-metadata.json +13095 -0
package/dist/metadata/validation-patterns.json +69 -0
package/dist/schemas/common.d.ts +33 -0
package/dist/schemas/common.d.ts.map +1 -1
package/dist/schemas/common.js +32 -0
package/dist/schemas/common.js.map +1 -1
package/dist/services/documentation.d.ts.map +1 -1
package/dist/services/documentation.js +9 -0
package/dist/services/documentation.js.map +1 -1
package/dist/services/metadata.d.ts +193 -0
package/dist/services/metadata.d.ts.map +1 -0
package/dist/services/metadata.js +367 -0
package/dist/services/metadata.js.map +1 -0
package/dist/tools/discover.d.ts.map +1 -1
package/dist/tools/discover.js +8 -0
package/dist/tools/discover.js.map +1 -1
package/dist/tools/metadata.d.ts +19 -0
package/dist/tools/metadata.d.ts.map +1 -0
package/dist/tools/metadata.js +612 -0
package/dist/tools/metadata.js.map +1 -0
package/dist/types.d.ts +1 -1
package/dist/types.d.ts.map +1 -1
package/package.json +1 -1

package/dist/docs/index.md ADDED Viewed

@@ -0,0 +1,276 @@
+---
+page_title: "F5XC Provider"
+description: |-
+  Terraform provider for F5 Distributed Cloud (F5XC) enabling infrastructure as code for load balancers, security policies, sites, and networking. Community-maintained provider built from public F5 API documentation.
+---
+# F5XC Provider
+The F5XC Terraform provider enables infrastructure as code management for F5 Distributed Cloud (F5XC) resources. Configure HTTP/TCP load balancers, origin pools, application firewalls, service policies, cloud sites, and more through declarative Terraform configurations.
+This is a community-maintained provider built from public F5 API documentation.
+## Requirements
+| Name      | Version |
+|-----------|---------|
+| terraform | >= 1.8  |
+-> **Note:** This provider uses provider-defined functions which require Terraform 1.8 or later. For details, see the [Functions](/docs/functions) documentation.
+## Authenticating to F5 Distributed Cloud
+The F5XC Terraform provider supports multiple authentication methods:
+1. **API Token** - Simplest method using a personal API token
+2. **P12 Certificate** - Certificate-based authentication using PKCS#12 bundle
+3. **PEM Certificate** - Certificate-based authentication using separate cert/key files
+Learn more about [how to generate API credentials](https://docs.cloud.f5.com/docs/how-to/user-mgmt/credentials).
+## Example Usage
+```terraform
+# Configure the F5XC Provider with API Token Authentication
+provider "f5xc" {
+  api_url   = "https://your-tenant.console.ves.volterra.io"
+  api_token = var.f5xc_api_token
+}
+# Alternatively, use environment variables:
+# export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"
+# export F5XC_API_TOKEN="your-api-token"
+variable "f5xc_api_token" {
+  description = "F5 Distributed Cloud API Token"
+  type        = string
+  sensitive   = true
+}
+# Or use P12 Certificate Authentication:
+# provider "f5xc" {
+#   api_url      = "https://your-tenant.console.ves.volterra.io"
+#   api_p12_file = "/path/to/certificate.p12"
+#   p12_password = var.f5xc_p12_password
+# }
+#
+# Environment variables for P12 authentication:
+# export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"
+# export F5XC_P12_FILE="/path/to/certificate.p12"
+# export F5XC_P12_PASSWORD="your-p12-password"
+```
+## Argument Reference
+### Required (one of the following authentication methods)
+* `api_token` - F5 Distributed Cloud API Token (`String`, Sensitive). Can also be set via `F5XC_API_TOKEN` environment variable.
+* `api_p12_file` - Path to PKCS#12 certificate bundle file (`String`). Can also be set via `F5XC_P12_FILE` environment variable. Requires `p12_password`.
+* `api_cert` and `api_key` - Paths to PEM-encoded certificate and private key files (`String`). Can also be set via `F5XC_CERT` and `F5XC_KEY` environment variables.
+### Optional
+* `api_url` - F5 Distributed Cloud API URL (`String`). Base URL **without** `/api` suffix. Defaults to `https://console.ves.volterra.io`. Can also be set via `F5XC_API_URL` environment variable.
+* `p12_password` - Password for PKCS#12 certificate bundle (`String`, Sensitive). Required when using `api_p12_file`. Can also be set via `F5XC_P12_PASSWORD` environment variable.
+* `api_ca_cert` - Path to PEM-encoded CA certificate file (`String`). Optional, used for server certificate verification. Can also be set via `F5XC_CACERT` environment variable.
+## Authentication Options
+### Option 1: API Token Authentication
+The simplest authentication method using a personal API token.
+**Provider Configuration:**
+```hcl
+provider "f5xc" {
+  api_url   = "https://your-tenant.console.ves.volterra.io"
+  api_token = var.f5xc_api_token
+}
+```
+**Environment Variables:**
+```bash
+export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"
+export F5XC_API_TOKEN="your-api-token"
+```
+### Option 2: P12 Certificate Authentication
+Certificate-based authentication using a PKCS#12 bundle downloaded from F5 Distributed Cloud.
+**Provider Configuration:**
+```hcl
+provider "f5xc" {
+  api_url      = "https://your-tenant.console.ves.volterra.io"
+  api_p12_file = "/path/to/certificate.p12"
+  p12_password = var.f5xc_p12_password
+}
+```
+**Environment Variables:**
+```bash
+export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"
+export F5XC_P12_FILE="/path/to/certificate.p12"
+export F5XC_P12_PASSWORD="your-p12-password"
+```
+### Option 3: PEM Certificate Authentication
+Certificate-based authentication using separate PEM-encoded certificate and key files.
+**Provider Configuration:**
+```hcl
+provider "f5xc" {
+  api_url     = "https://your-tenant.console.ves.volterra.io"
+  api_cert    = "/path/to/certificate.crt"
+  api_key     = "/path/to/private.key"
+  api_ca_cert = "/path/to/ca-certificate.crt"  # Optional
+}
+```
+**Environment Variables:**
+```bash
+export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"
+export F5XC_CERT="/path/to/certificate.crt"
+export F5XC_KEY="/path/to/private.key"
+export F5XC_CACERT="/path/to/ca-certificate.crt"  # Optional
+```
+-> **Note:** Environment variables are the recommended approach for CI/CD pipelines and to avoid storing sensitive credentials in version control.
+## Getting Started
+1. **Generate API Credentials**: Navigate to your F5 Distributed Cloud console, go to **Administration** > **Personal Management** > **Credentials**, and create either an API Token or download a certificate bundle.
+2. **Configure the Provider**: Add the provider configuration to your Terraform files using one of the authentication options above.
+3. **Create Resources**: Start managing F5XC resources like namespaces, load balancers, and origin pools.
+### Example: Create a Namespace
+```hcl
+resource "f5xc_namespace" "example" {
+  name = "example-namespace"
+}
+```
+### Example: Create an HTTP Load Balancer
+```hcl
+resource "f5xc_http_loadbalancer" "example" {
+  name      = "example-load-balancer"
+  namespace = "example-namespace"
+  domains   = ["example.com"]
+}
+```
+## MCP Configuration
+This provider includes a Model Context Protocol (MCP) server that enables AI assistants like Claude to interact with F5 Distributed Cloud resources. The MCP server provides schema information, documentation, and example configurations.
+### Quick Setup for Claude Desktop
+Add the following to your Claude Desktop configuration file:
+**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
+**Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
+```json
+{
+  "mcpServers": {
+    "f5xc-terraform": {
+      "command": "npx",
+      "args": ["@robinmordasiewicz/f5xc-terraform-mcp"]
+    }
+  }
+}
+```
+### Quick Setup for Claude Code (CLI)
+Install the MCP server with a single command:
+```bash
+claude mcp add f5xc-terraform -- npx -y @robinmordasiewicz/f5xc-terraform-mcp
+```
+**Scope Options:**
+* `--scope local` (default) - Available only in the current directory
+* `--scope user` - Available in all your Claude Code sessions
+* `--scope project` - Shared with anyone who clones the repository (saved in `.mcp.json`)
+Example with user scope (recommended for personal use):
+```bash
+claude mcp add --scope user f5xc-terraform -- npx -y @robinmordasiewicz/f5xc-terraform-mcp
+```
+**Verify Installation:**
+```bash
+claude mcp list
+```
+You should see `f5xc-terraform` listed with a `✓ Connected` status.
+### Quick Setup for Visual Studio Code
+VS Code 1.99+ supports MCP servers through GitHub Copilot. Choose the installation method that best fits your environment:
+#### Option 1: Workspace Configuration (Recommended)
+Create a `.vscode/mcp.json` file in your workspace:
+```json
+{
+  "servers": {
+    "f5xc-terraform": {
+      "command": "npx",
+      "args": ["-y", "@robinmordasiewicz/f5xc-terraform-mcp"]
+    }
+  }
+}
+```
+#### Option 2: Corporate Environments (No Node.js Required)
+For environments where npm/Node.js cannot be installed:
+1. Download the latest `.mcpb` bundle from [GitHub Releases](https://github.com/robinmordasiewicz/terraform-provider-f5xc/releases)
+2. Place the file in a known location (e.g., `~/.mcp/f5xc-terraform-mcp.mcpb`)
+3. Create a `.vscode/mcp.json` file:
+```json
+{
+  "servers": {
+    "f5xc-terraform": {
+      "command": "/path/to/f5xc-terraform-mcp.mcpb"
+    }
+  }
+}
+```
+#### Verify Installation
+1. Press `Ctrl+Shift+P` / `Cmd+Shift+P`
+2. Run `MCP: List Servers`
+3. Look for `f5xc-terraform` with a green status indicator
+For complete MCP server documentation including all available tools and advanced configuration options, see the [NPM package page](https://www.npmjs.com/package/@robinmordasiewicz/f5xc-terraform-mcp).
+## Resources and Data Sources
+Browse the documentation sidebar for the complete list of resources and data sources organized by category.
+<!-- Template version: 1.0.1 - MCP token optimization (#592) -->

package/dist/docs/resources/bgp.md CHANGED Viewed

@@ -2,12 +2,12 @@
 page_title: "f5xc_bgp Resource - terraform-provider-f5xc"
 subcategory: "Networking"
 description: |-
-  Manages a BGP resource in F5 Distributed Cloud for bgp routing policy is a list of rules containing match criteria and action to be applied. these rules help contol routes which are imported or exported to bgp peers. configuration.
+  Manages a BGP resource in F5 Distributed Cloud for bgp object is the configuration for peering with external bgp servers. it is created by users in system namespace. configuration.
 ---
 # f5xc_bgp (Resource)
-Manages a BGP resource in F5 Distributed Cloud for bgp routing policy is a list of rules containing match criteria and action to be applied. these rules help contol routes which are imported or exported to bgp peers. configuration.
+Manages a BGP resource in F5 Distributed Cloud for bgp object is the configuration for peering with external bgp servers. it is created by users in system namespace. configuration.
 ~> **Note** For more information about this resource, please refer to the [F5 XC API Documentation](https://docs.cloud.f5.com/docs/api/).
@@ -15,7 +15,7 @@ Manages a BGP resource in F5 Distributed Cloud for bgp routing policy is a list
 ```terraform
 # BGP Resource Example
-# Manages a BGP resource in F5 Distributed Cloud for bgp routing policy is a list of rules containing match criteria and action to be applied. these rules help contol routes which are imported or exported to bgp peers. configuration.
+# Manages a BGP resource in F5 Distributed Cloud for bgp object is the configuration for peering with external bgp servers. it is created by users in system namespace. configuration.
 # Basic BGP configuration
 resource "f5xc_bgp" "example" {
@@ -73,10 +73,14 @@ resource "f5xc_bgp" "example" {
 ### Spec Argument Reference
-<a id="rules"></a>&#x2022; [`rules`](#rules) - Optional Block<br>Rules. A BGP Routing policy is composed of one or more rules. Note that the order of rules is critical as rules are applied top to bottom<br>See [Rules](#rules) below for details.
+<a id="bgp-parameters"></a>&#x2022; [`bgp_parameters`](#bgp-parameters) - Optional Block<br>BGP Parameters. BGP parameters for the local site<br>See [BGP Parameters](#bgp-parameters) below for details.
+<a id="peers"></a>&#x2022; [`peers`](#peers) - Optional Block<br>Peers. List of peers<br>See [Peers](#peers) below for details.
 <a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block<br>See [Timeouts](#timeouts) below for details.
+<a id="where"></a>&#x2022; [`where`](#where) - Optional Block<br>Site or Virtual Site Reference. VirtualSiteSiteRefSelector defines a union of reference to site or reference to virtual_site It used to refer site or a group of sites indicated by virtual site<br>See [Where](#where) below for details.
 ### Attributes Reference
 In addition to all arguments above, the following attributes are exported:
@@ -85,71 +89,175 @@ In addition to all arguments above, the following attributes are exported:
 ---
-#### Rules
+#### BGP Parameters
+A [`bgp_parameters`](#bgp-parameters) block supports the following:
+<a id="bgp-parameters-asn"></a>&#x2022; [`asn`](#bgp-parameters-asn) - Optional Number<br>ASN. Autonomous System Number
+<a id="bgp-parameters-from-site"></a>&#x2022; [`from_site`](#bgp-parameters-from-site) - Optional Block<br>Enable this option
+<a id="bgp-parameters-ip-address"></a>&#x2022; [`ip_address`](#bgp-parameters-ip-address) - Optional String<br>IP Address. Use the configured IPv4 Address as Router ID
+<a id="bgp-parameters-local-address"></a>&#x2022; [`local_address`](#bgp-parameters-local-address) - Optional Block<br>Enable this option
+#### Peers
+A [`peers`](#peers) block supports the following:
+<a id="peers-bfd-disabled"></a>&#x2022; [`bfd_disabled`](#peers-bfd-disabled) - Optional Block<br>Enable this option
+<a id="peers-bfd-enabled"></a>&#x2022; [`bfd_enabled`](#peers-bfd-enabled) - Optional Block<br>BFD. BFD parameters<br>See [Bfd Enabled](#peers-bfd-enabled) below.
+<a id="peers-disable"></a>&#x2022; [`disable`](#peers-disable) - Optional Block<br>Enable this option
+<a id="peers-external"></a>&#x2022; [`external`](#peers-external) - Optional Block<br>External BGP Peer. External BGP Peer parameters<br>See [External](#peers-external) below.
+<a id="peers-label"></a>&#x2022; [`label`](#peers-label) - Optional String<br>Label. Specify whether this peer should be
+<a id="peers-metadata"></a>&#x2022; [`metadata`](#peers-metadata) - Optional Block<br>Message Metadata. MessageMetaType is metadata (common attributes) of a message that only certain messages have. This information is propagated to the metadata of a child object that gets created from the containing message during view processing. The information in this type can be specified by user during create and replace APIs<br>See [Metadata](#peers-metadata) below.
+<a id="peers-passive-mode-disabled"></a>&#x2022; [`passive_mode_disabled`](#peers-passive-mode-disabled) - Optional Block<br>Enable this option
+<a id="peers-passive-mode-enabled"></a>&#x2022; [`passive_mode_enabled`](#peers-passive-mode-enabled) - Optional Block<br>Enable this option
+<a id="peers-routing-policies"></a>&#x2022; [`routing_policies`](#peers-routing-policies) - Optional Block<br>BGP Routing Policy. List of rules which can be applied on all or particular nodes<br>See [Routing Policies](#peers-routing-policies) below.
+#### Peers Bfd Enabled
+A [`bfd_enabled`](#peers-bfd-enabled) block (within [`peers`](#peers)) supports the following:
+<a id="peers-bfd-enabled-multiplier"></a>&#x2022; [`multiplier`](#peers-bfd-enabled-multiplier) - Optional Number<br>Multiplier. Specify Number of missed packets to bring session down'
+<a id="milliseconds-dab8b3"></a>&#x2022; [`receive_interval_milliseconds`](#milliseconds-dab8b3) - Optional Number<br>Minimum Receive Interval. BFD receive interval timer, in milliseconds
+<a id="milliseconds-135c29"></a>&#x2022; [`transmit_interval_milliseconds`](#milliseconds-135c29) - Optional Number<br>Transmit Interval. BFD transmit interval timer, in milliseconds
+#### Peers External
+An [`external`](#peers-external) block (within [`peers`](#peers)) supports the following:
+<a id="peers-external-address"></a>&#x2022; [`address`](#peers-external-address) - Optional String<br>Peer Address. Specify IPv4 peer address
+<a id="peers-external-address-ipv6"></a>&#x2022; [`address_ipv6`](#peers-external-address-ipv6) - Optional String<br>Peer IPv6 Address. Specify peer IPv6 address
+<a id="peers-external-asn"></a>&#x2022; [`asn`](#peers-external-asn) - Optional Number<br>ASN. Autonomous System Number for BGP peer
+<a id="peers-external-default-gateway"></a>&#x2022; [`default_gateway`](#peers-external-default-gateway) - Optional Block<br>Enable this option
+<a id="peers-external-default-gateway-v6"></a>&#x2022; [`default_gateway_v6`](#peers-external-default-gateway-v6) - Optional Block<br>Enable this option
+<a id="peers-external-disable"></a>&#x2022; [`disable`](#peers-external-disable) - Optional Block<br>Enable this option
+<a id="peers-external-disable-v6"></a>&#x2022; [`disable_v6`](#peers-external-disable-v6) - Optional Block<br>Enable this option
+<a id="peers-external-external-connector"></a>&#x2022; [`external_connector`](#peers-external-external-connector) - Optional Block<br>Enable this option
+<a id="peers-external-family-inet"></a>&#x2022; [`family_inet`](#peers-external-family-inet) - Optional Block<br>BGP Family Inet. Parameters for inet family<br>See [Family Inet](#peers-external-family-inet) below.
+<a id="peers-external-from-site"></a>&#x2022; [`from_site`](#peers-external-from-site) - Optional Block<br>Enable this option
+<a id="peers-external-from-site-v6"></a>&#x2022; [`from_site_v6`](#peers-external-from-site-v6) - Optional Block<br>Enable this option
+<a id="peers-external-interface"></a>&#x2022; [`interface`](#peers-external-interface) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Interface](#peers-external-interface) below.
+<a id="peers-external-interface-list"></a>&#x2022; [`interface_list`](#peers-external-interface-list) - Optional Block<br>Interface List. List of network interfaces<br>See [Interface List](#peers-external-interface-list) below.
+<a id="peers-external-md5-auth-key"></a>&#x2022; [`md5_auth_key`](#peers-external-md5-auth-key) - Optional String<br>MD5 Authentication Key. MD5 key for protecting BGP Sessions (RFC 2385)
+<a id="peers-external-no-authentication"></a>&#x2022; [`no_authentication`](#peers-external-no-authentication) - Optional Block<br>Enable this option
+<a id="peers-external-port"></a>&#x2022; [`port`](#peers-external-port) - Optional Number<br>Peer Port. Peer TCP port number
+<a id="peers-external-subnet-begin-offset"></a>&#x2022; [`subnet_begin_offset`](#peers-external-subnet-begin-offset) - Optional Number<br>Offset From Beginning Of Subnet. Calculate peer address using offset from the beginning of the subnet
-A [`rules`](#rules) block supports the following:
+<a id="peers-external-subnet-begin-offset-v6"></a>&#x2022; [`subnet_begin_offset_v6`](#peers-external-subnet-begin-offset-v6) - Optional Number<br>Offset From Beginning Of Subnet. Calculate peer address using offset from the beginning of the subnet
-<a id="rules-action"></a>&#x2022; [`action`](#rules-action) - Optional Block<br>BGP Route Action. Action to be enforced if the BGP route matches the rule<br>See [Action](#rules-action) below.
+<a id="peers-external-subnet-end-offset"></a>&#x2022; [`subnet_end_offset`](#peers-external-subnet-end-offset) - Optional Number<br>Offset From End Of Subnet. Calculate peer address using offset from the end of the subnet
-<a id="rules-match"></a>&#x2022; [`match`](#rules-match) - Optional Block<br>BGP Route Match. Predicates which have to match information in route for action to be applied<br>See [Match](#rules-match) below.
+<a id="peers-external-subnet-end-offset-v6"></a>&#x2022; [`subnet_end_offset_v6`](#peers-external-subnet-end-offset-v6) - Optional Number<br>Offset From End Of Subnet. Calculate peer address using offset from the end of the subnet
-#### Rules Action
+#### Peers External Family Inet
-An [`action`](#rules-action) block (within [`rules`](#rules)) supports the following:
+A [`family_inet`](#peers-external-family-inet) block (within [`peers.external`](#peers-external)) supports the following:
-<a id="rules-action-aggregate"></a>&#x2022; [`aggregate`](#rules-action-aggregate) - Optional Block<br>Enable this option
+<a id="peers-external-family-inet-disable"></a>&#x2022; [`disable`](#peers-external-family-inet-disable) - Optional Block<br>Enable this option
-<a id="rules-action-allow"></a>&#x2022; [`allow`](#rules-action-allow) - Optional Block<br>Enable this option
+<a id="peers-external-family-inet-enable"></a>&#x2022; [`enable`](#peers-external-family-inet-enable) - Optional Block<br>Enable this option
-<a id="rules-action-as-path"></a>&#x2022; [`as_path`](#rules-action-as-path) - Optional String<br>AS-path to prepend. AS-Path Prepending is generally used to influence incoming traffic
+#### Peers External Interface
-<a id="rules-action-community"></a>&#x2022; [`community`](#rules-action-community) - Optional Block<br>BGP Community list. List of BGP communities<br>See [Community](#rules-action-community) below.
+An [`interface`](#peers-external-interface) block (within [`peers.external`](#peers-external)) supports the following:
-<a id="rules-action-deny"></a>&#x2022; [`deny`](#rules-action-deny) - Optional Block<br>Enable this option
+<a id="peers-external-interface-name"></a>&#x2022; [`name`](#peers-external-interface-name) - Optional String<br>Name. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name
-<a id="rules-action-local-preference"></a>&#x2022; [`local_preference`](#rules-action-local-preference) - Optional Number<br>Local preference. BGP Local Preference is generally used to influence outgoing traffic
+<a id="peers-external-interface-namespace"></a>&#x2022; [`namespace`](#peers-external-interface-namespace) - Optional String<br>Namespace. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace
-<a id="rules-action-metric"></a>&#x2022; [`metric`](#rules-action-metric) - Optional Number<br>MED/Metric. The Multi-Exit Discriminator metric to indicate the preferred path to AS
+<a id="peers-external-interface-tenant"></a>&#x2022; [`tenant`](#peers-external-interface-tenant) - Optional String<br>Tenant. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant
-#### Rules Action Community
+#### Peers External Interface List
-A [`community`](#rules-action-community) block (within [`rules.action`](#rules-action)) supports the following:
+An [`interface_list`](#peers-external-interface-list) block (within [`peers.external`](#peers-external)) supports the following:
-<a id="rules-action-community-community"></a>&#x2022; [`community`](#rules-action-community-community) - Optional List<br>BGP community. An unordered set of RFC 1997 defined 4-byte community, first 16 bits being ASN and lower 16 bits being value
+<a id="interfaces-2564cf"></a>&#x2022; [`interfaces`](#interfaces-2564cf) - Optional Block<br>Interface List. List of network interfaces<br>See [Interfaces](#interfaces-2564cf) below.
-#### Rules Match
+#### Peers External Interface List Interfaces
-A [`match`](#rules-match) block (within [`rules`](#rules)) supports the following:
+An [`interfaces`](#interfaces-2564cf) block (within [`peers.external.interface_list`](#peers-external-interface-list)) supports the following:
-<a id="rules-match-as-path"></a>&#x2022; [`as_path`](#rules-match-as-path) - Optional String<br>AS path to match. AS path can also be a regex, which will be matched against route information
+<a id="name-25eca0"></a>&#x2022; [`name`](#name-25eca0) - Optional String<br>Name. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name
-<a id="rules-match-community"></a>&#x2022; [`community`](#rules-match-community) - Optional Block<br>BGP Community list. List of BGP communities<br>See [Community](#rules-match-community) below.
+<a id="namespace-7cb7a8"></a>&#x2022; [`namespace`](#namespace-7cb7a8) - Optional String<br>Namespace. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace
-<a id="rules-match-ip-prefixes"></a>&#x2022; [`ip_prefixes`](#rules-match-ip-prefixes) - Optional Block<br>BGP Prefix List. List of IP prefix and prefix length range match condition<br>See [IP Prefixes](#rules-match-ip-prefixes) below.
+<a id="tenant-5d2baa"></a>&#x2022; [`tenant`](#tenant-5d2baa) - Optional String<br>Tenant. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant
-#### Rules Match Community
+#### Peers Metadata
-A [`community`](#rules-match-community) block (within [`rules.match`](#rules-match)) supports the following:
+A [`metadata`](#peers-metadata) block (within [`peers`](#peers)) supports the following:
-<a id="rules-match-community-community"></a>&#x2022; [`community`](#rules-match-community-community) - Optional List<br>BGP community. An unordered set of RFC 1997 defined 4-byte community, first 16 bits being ASN and lower 16 bits being value
+<a id="peers-metadata-description-spec"></a>&#x2022; [`description_spec`](#peers-metadata-description-spec) - Optional String<br>Description. Human readable description
-#### Rules Match IP Prefixes
+<a id="peers-metadata-name"></a>&#x2022; [`name`](#peers-metadata-name) - Optional String<br>Name. This is the name of the message. The value of name has to follow DNS-1035 format
-An [`ip_prefixes`](#rules-match-ip-prefixes) block (within [`rules.match`](#rules-match)) supports the following:
+#### Peers Routing Policies
-<a id="rules-match-ip-prefixes-prefixes"></a>&#x2022; [`prefixes`](#rules-match-ip-prefixes-prefixes) - Optional Block<br>Prefix list. List of IP prefix<br>See [Prefixes](#rules-match-ip-prefixes-prefixes) below.
+A [`routing_policies`](#peers-routing-policies) block (within [`peers`](#peers)) supports the following:
-#### Rules Match IP Prefixes Prefixes
+<a id="peers-routing-policies-route-policy"></a>&#x2022; [`route_policy`](#peers-routing-policies-route-policy) - Optional Block<br>BGP Routing policy. Route policy to be applied<br>See [Route Policy](#peers-routing-policies-route-policy) below.
-A [`prefixes`](#rules-match-ip-prefixes-prefixes) block (within [`rules.match.ip_prefixes`](#rules-match-ip-prefixes)) supports the following:
+#### Peers Routing Policies Route Policy
-<a id="than-cdaaa6"></a>&#x2022; [`equal_or_longer_than`](#than-cdaaa6) - Optional Block<br>Enable this option
+A [`route_policy`](#peers-routing-policies-route-policy) block (within [`peers.routing_policies`](#peers-routing-policies)) supports the following:
-<a id="match-0a0108"></a>&#x2022; [`exact_match`](#match-0a0108) - Optional Block<br>Enable this option
+<a id="nodes-761998"></a>&#x2022; [`all_nodes`](#nodes-761998) - Optional Block<br>Enable this option
-<a id="prefixes-e82cab"></a>&#x2022; [`ip_prefixes`](#prefixes-e82cab) - Optional String<br>IP Prefix. IP prefix to match on BGP route
+<a id="inbound-bbe39d"></a>&#x2022; [`inbound`](#inbound-bbe39d) - Optional Block<br>Enable this option
-<a id="than-7e2ba6"></a>&#x2022; [`longer_than`](#than-7e2ba6) - Optional Block<br>Enable this option
+<a id="name-e2301f"></a>&#x2022; [`node_name`](#name-e2301f) - Optional Block<br>Nodes. List of nodes on which BGP routing policy has to be applied<br>See [Node Name](#name-e2301f) below.
+<a id="refs-6e5457"></a>&#x2022; [`object_refs`](#refs-6e5457) - Optional Block<br>BGP routing policy. Select route policy to apply<br>See [Object Refs](#refs-6e5457) below.
+<a id="outbound-195eea"></a>&#x2022; [`outbound`](#outbound-195eea) - Optional Block<br>Enable this option
+#### Peers Routing Policies Route Policy Node Name
+A [`node_name`](#name-e2301f) block (within [`peers.routing_policies.route_policy`](#peers-routing-policies-route-policy)) supports the following:
+<a id="node-a4a8b2"></a>&#x2022; [`node`](#node-a4a8b2) - Optional List<br>Node of choice. Select BGP Session on which policy will be applied
+#### Peers Routing Policies Route Policy Object Refs
+An [`object_refs`](#refs-6e5457) block (within [`peers.routing_policies.route_policy`](#peers-routing-policies-route-policy)) supports the following:
+<a id="kind-8c3ca2"></a>&#x2022; [`kind`](#kind-8c3ca2) - Optional String<br>Kind. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+<a id="name-7f5085"></a>&#x2022; [`name`](#name-7f5085) - Optional String<br>Name. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name
+<a id="namespace-7ab467"></a>&#x2022; [`namespace`](#namespace-7ab467) - Optional String<br>Namespace. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace
+<a id="tenant-685165"></a>&#x2022; [`tenant`](#tenant-685165) - Optional String<br>Tenant. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant
+<a id="uid-965d22"></a>&#x2022; [`uid`](#uid-965d22) - Optional String<br>UID. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. Route's) uid
 #### Timeouts
@@ -163,6 +271,66 @@ A [`timeouts`](#timeouts) block supports the following:
 <a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+#### Where
+A [`where`](#where) block supports the following:
+<a id="where-site"></a>&#x2022; [`site`](#where-site) - Optional Block<br>Site Reference. This specifies a direct reference to a site configuration object<br>See [Site](#where-site) below.
+<a id="where-virtual-site"></a>&#x2022; [`virtual_site`](#where-virtual-site) - Optional Block<br>Virtual Site. A reference to virtual_site object<br>See [Virtual Site](#where-virtual-site) below.
+#### Where Site
+A [`site`](#where-site) block (within [`where`](#where)) supports the following:
+<a id="where-site-disable-internet-vip"></a>&#x2022; [`disable_internet_vip`](#where-site-disable-internet-vip) - Optional Block<br>Enable this option
+<a id="where-site-enable-internet-vip"></a>&#x2022; [`enable_internet_vip`](#where-site-enable-internet-vip) - Optional Block<br>Enable this option
+<a id="where-site-network-type"></a>&#x2022; [`network_type`](#where-site-network-type) - Optional String  Defaults to `VIRTUAL_NETWORK_SITE_LOCAL`<br>Possible values are `VIRTUAL_NETWORK_SITE_LOCAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE`, `VIRTUAL_NETWORK_PER_SITE`, `VIRTUAL_NETWORK_PUBLIC`, `VIRTUAL_NETWORK_GLOBAL`, `VIRTUAL_NETWORK_SITE_SERVICE`, `VIRTUAL_NETWORK_VER_INTERNAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE`, `VIRTUAL_NETWORK_IP_AUTO`, `VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK`, `VIRTUAL_NETWORK_SRV6_NETWORK`, `VIRTUAL_NETWORK_IP_FABRIC`, `VIRTUAL_NETWORK_SEGMENT`<br>[Enum: VIRTUAL_NETWORK_SITE_LOCAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE|VIRTUAL_NETWORK_PER_SITE|VIRTUAL_NETWORK_PUBLIC|VIRTUAL_NETWORK_GLOBAL|VIRTUAL_NETWORK_SITE_SERVICE|VIRTUAL_NETWORK_VER_INTERNAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE|VIRTUAL_NETWORK_IP_AUTO|VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK|VIRTUAL_NETWORK_SRV6_NETWORK|VIRTUAL_NETWORK_IP_FABRIC|VIRTUAL_NETWORK_SEGMENT] Virtual Network Type. Different types of virtual networks understood by the system Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL provides connectivity to public (outside) network. This is an insecure network and is connected to public internet via NAT Gateways/firwalls Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created automatically and present on all sites Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE is a private network inside site. It is a secure network and is not connected to public network. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created during provisioning of site User defined per-site virtual network. Scope of this virtual network is limited to the site. This is not yet supported Virtual-network of type VIRTUAL_NETWORK_PUBLIC directly conects to the public internet. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on RE sites only It is an internally created by the system. They must not be created by user Virtual Neworks with global scope across different sites in F5XC domain. An example global virtual-network called 'AIN Network' is created for every tenant. For F5 Distributed Cloud fabric Constraints: It is currently only supported as internally created by the system. VK8s service network for a given tenant. Used to advertise a virtual host only to vk8s pods for that tenant Constraints: It is an internally created by the system. Must not be created by user VER internal network for the site. It can only be used for virtual hosts with SMA_PROXY type proxy Constraints: It is an internally created by the system. Must not be created by user Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE represents both VIRTUAL_NETWORK_SITE_LOCAL and VIRTUAL_NETWORK_SITE_LOCAL_INSIDE Constraints: This network type is only meaningful in an advertise policy When virtual-network of type VIRTUAL_NETWORK_IP_AUTO is selected for an endpoint, VER will try to determine the network based on the provided IP address Constraints: This network type is only meaningful in an endpoint VoltADN Private Network is used on F5 Distributed Cloud RE(s) to connect to customer private networks This network is created by opening a support ticket This network is per site srv6 network VER IP Fabric network for the site. This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network Constraints: It is an internally created by the system. Must not be created by user Network internally created for a segment Constraints: It is an internally created by the system. Must not be created by user
+<a id="where-site-ref"></a>&#x2022; [`ref`](#where-site-ref) - Optional Block<br>Reference. A site direct reference<br>See [Ref](#where-site-ref) below.
+#### Where Site Ref
+A [`ref`](#where-site-ref) block (within [`where.site`](#where-site)) supports the following:
+<a id="where-site-ref-kind"></a>&#x2022; [`kind`](#where-site-ref-kind) - Optional String<br>Kind. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+<a id="where-site-ref-name"></a>&#x2022; [`name`](#where-site-ref-name) - Optional String<br>Name. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name
+<a id="where-site-ref-namespace"></a>&#x2022; [`namespace`](#where-site-ref-namespace) - Optional String<br>Namespace. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace
+<a id="where-site-ref-tenant"></a>&#x2022; [`tenant`](#where-site-ref-tenant) - Optional String<br>Tenant. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant
+<a id="where-site-ref-uid"></a>&#x2022; [`uid`](#where-site-ref-uid) - Optional String<br>UID. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. Route's) uid
+#### Where Virtual Site
+A [`virtual_site`](#where-virtual-site) block (within [`where`](#where)) supports the following:
+<a id="where-virtual-site-disable-internet-vip"></a>&#x2022; [`disable_internet_vip`](#where-virtual-site-disable-internet-vip) - Optional Block<br>Enable this option
+<a id="where-virtual-site-enable-internet-vip"></a>&#x2022; [`enable_internet_vip`](#where-virtual-site-enable-internet-vip) - Optional Block<br>Enable this option
+<a id="where-virtual-site-network-type"></a>&#x2022; [`network_type`](#where-virtual-site-network-type) - Optional String  Defaults to `VIRTUAL_NETWORK_SITE_LOCAL`<br>Possible values are `VIRTUAL_NETWORK_SITE_LOCAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE`, `VIRTUAL_NETWORK_PER_SITE`, `VIRTUAL_NETWORK_PUBLIC`, `VIRTUAL_NETWORK_GLOBAL`, `VIRTUAL_NETWORK_SITE_SERVICE`, `VIRTUAL_NETWORK_VER_INTERNAL`, `VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE`, `VIRTUAL_NETWORK_IP_AUTO`, `VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK`, `VIRTUAL_NETWORK_SRV6_NETWORK`, `VIRTUAL_NETWORK_IP_FABRIC`, `VIRTUAL_NETWORK_SEGMENT`<br>[Enum: VIRTUAL_NETWORK_SITE_LOCAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE|VIRTUAL_NETWORK_PER_SITE|VIRTUAL_NETWORK_PUBLIC|VIRTUAL_NETWORK_GLOBAL|VIRTUAL_NETWORK_SITE_SERVICE|VIRTUAL_NETWORK_VER_INTERNAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE|VIRTUAL_NETWORK_IP_AUTO|VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK|VIRTUAL_NETWORK_SRV6_NETWORK|VIRTUAL_NETWORK_IP_FABRIC|VIRTUAL_NETWORK_SEGMENT] Virtual Network Type. Different types of virtual networks understood by the system Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL provides connectivity to public (outside) network. This is an insecure network and is connected to public internet via NAT Gateways/firwalls Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created automatically and present on all sites Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE is a private network inside site. It is a secure network and is not connected to public network. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on CE sites. This network is created during provisioning of site User defined per-site virtual network. Scope of this virtual network is limited to the site. This is not yet supported Virtual-network of type VIRTUAL_NETWORK_PUBLIC directly conects to the public internet. Virtual-network of this type is local to every site. Two virtual networks of this type on different sites are neither related nor connected. Constraints: There can be atmost one virtual network of this type in a given site. This network type is supported on RE sites only It is an internally created by the system. They must not be created by user Virtual Neworks with global scope across different sites in F5XC domain. An example global virtual-network called 'AIN Network' is created for every tenant. For F5 Distributed Cloud fabric Constraints: It is currently only supported as internally created by the system. VK8s service network for a given tenant. Used to advertise a virtual host only to vk8s pods for that tenant Constraints: It is an internally created by the system. Must not be created by user VER internal network for the site. It can only be used for virtual hosts with SMA_PROXY type proxy Constraints: It is an internally created by the system. Must not be created by user Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE represents both VIRTUAL_NETWORK_SITE_LOCAL and VIRTUAL_NETWORK_SITE_LOCAL_INSIDE Constraints: This network type is only meaningful in an advertise policy When virtual-network of type VIRTUAL_NETWORK_IP_AUTO is selected for an endpoint, VER will try to determine the network based on the provided IP address Constraints: This network type is only meaningful in an endpoint VoltADN Private Network is used on F5 Distributed Cloud RE(s) to connect to customer private networks This network is created by opening a support ticket This network is per site srv6 network VER IP Fabric network for the site. This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network Constraints: It is an internally created by the system. Must not be created by user Network internally created for a segment Constraints: It is an internally created by the system. Must not be created by user
+<a id="where-virtual-site-ref"></a>&#x2022; [`ref`](#where-virtual-site-ref) - Optional Block<br>Reference. A virtual_site direct reference<br>See [Ref](#where-virtual-site-ref) below.
+#### Where Virtual Site Ref
+A [`ref`](#where-virtual-site-ref) block (within [`where.virtual_site`](#where-virtual-site)) supports the following:
+<a id="where-virtual-site-ref-kind"></a>&#x2022; [`kind`](#where-virtual-site-ref-kind) - Optional String<br>Kind. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+<a id="where-virtual-site-ref-name"></a>&#x2022; [`name`](#where-virtual-site-ref-name) - Optional String<br>Name. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name
+<a id="where-virtual-site-ref-namespace"></a>&#x2022; [`namespace`](#where-virtual-site-ref-namespace) - Optional String<br>Namespace. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace
+<a id="where-virtual-site-ref-tenant"></a>&#x2022; [`tenant`](#where-virtual-site-ref-tenant) - Optional String<br>Tenant. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant
+<a id="where-virtual-site-ref-uid"></a>&#x2022; [`uid`](#where-virtual-site-ref-uid) - Optional String<br>UID. When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. Route's) uid
 ---
 ## Common Types