f5xc_advertise_policy Resource - terraform-provider-f5xc

f5xc_advertise_policy (Resource)

Manages a Advertise Policy resource in F5 Distributed Cloud for advertise_policy object controls how and where a service represented by a given virtual_host object is advertised to consumers. configuration.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# Advertise Policy Resource Example
# Manages a Advertise Policy resource in F5 Distributed Cloud for advertise_policy object controls how and where a service represented by a given virtual_host object is advertised to consumers. configuration.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Advertise Policy configuration
resource "f5xc_advertise_policy" "example" {
  name      = "example-advertise-policy"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Resource-specific configuration
  # Optional. Public VIP to advertise This field is mutually ...
  public_ip {
    # Configure public_ip settings
  }
  # TLS configuration for downstream connections.
  tls_parameters {
    # Configure tls_parameters settings
  }
  # Enable this option
  client_certificate_optional {
    # Configure client_certificate_optional settings
  }
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

Metadata Argument Reference

• name - Required String
Name of the Advertise Policy. Must be unique within the namespace

• namespace - Required String
Namespace where the Advertise Policy will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

• address - Required String
Optional. VIP to advertise. This VIP can be either V4/V6 address You can not specify this if where contains a site or virtual site of type REGIONAL_EDGE or public network If not specified and ‘where’ is specified with site or virtual site option, inside_vip or outside_vip specified in the site

-> One of the following: • port - Optional Number
Port to advertise

• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’

• protocol - Required String
Protocol. Protocol to advertise

• public_ip - Optional Block
Optional. Public VIP to advertise This field is mutually exclusive with where and address fields
See Public IP below for details.

• skip_xff_append - Required Bool
If set, the loadbalancer will not append the remote address to the x-forwarded-for HTTP header

• timeouts - Optional Block
See Timeouts below for details.

• tls_parameters - Optional Block
TLS configuration for downstream connections
See TLS Parameters below for details.

• where - Optional Block
NetworkSiteRefSelector defines a union of reference to site or reference to virtual_network or reference to virtual_site It is used to determine virtual network using following rules * Direct reference to virtual_network object * Site local network when refering to site object * All site local
See Where below for details.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

Public IP

A public_ip block supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

TLS Parameters

A tls_parameters block supports the following:

• client_certificate_optional - Optional Block
Enable this option

• client_certificate_required - Optional Block
Enable this option

• common_params - Optional Block
Information of different aspects for TLS authentication related to ciphers, certificates and trust store
See Common Params below.

• no_client_certificate - Optional Block
Enable this option

• xfcc_header_elements - Optional List Defaults to XFCC_NONE
Possible values are XFCC_NONE, XFCC_CERT, XFCC_CHAIN, XFCC_SUBJECT, XFCC_URI, XFCC_DNS
[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] X-Forwarded-Client-Cert header elements to be set in an mTLS enabled connections. If none are defined, the header will not be added

TLS Parameters Common Params

A common_params block (within tls_parameters) supports the following:

• cipher_suites - Optional List
The following list specifies the supported cipher suite TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

• maximum_protocol_version - Optional String Defaults to TLS_AUTO
Possible values are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3
[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version

• minimum_protocol_version - Optional String Defaults to TLS_AUTO
Possible values are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3
[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version

• tls_certificates - Optional Block
TLS Certificates. Set of TLS certificates
See TLS Certificates below.

• validation_params - Optional Block
Includes URL for a trust store, whether SAN verification is required and list of Subject Alt Names for verification
See Validation Params below.

TLS Parameters Common Params TLS Certificates

A tls_certificates block (within tls_parameters.common_params) supports the following:

• certificate_url - Optional String
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers

• custom_hash_algorithms - Optional Block
Specifies the hash algorithms to be used
See Custom Hash Algorithms below.

• description_spec - Optional String
Description. Description for the certificate

• disable_ocsp_stapling - Optional Block
Configuration parameter for disable OCSP stapling

• private_key - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Private Key below.

• use_system_defaults - Optional Block
Configuration parameter for use system defaults

TLS Parameters Common Params TLS Certificates Custom Hash Algorithms

Deeply nested Algorithms block collapsed for readability.

TLS Parameters Common Params TLS Certificates Private Key

Deeply nested Key block collapsed for readability.

TLS Parameters Common Params TLS Certificates Private Key Blindfold Secret Info

Deeply nested Info block collapsed for readability.

TLS Parameters Common Params TLS Certificates Private Key Clear Secret Info

Deeply nested Info block collapsed for readability.

TLS Parameters Common Params Validation Params

A validation_params block (within tls_parameters.common_params) supports the following:

• skip_hostname_verification - Optional Bool
When True, skip verification of hostname i.e. CN/Subject Alt Name of certificate is not matched to the connecting hostname

• trusted_ca - Optional Block
Root CA Certificate Reference. Reference to Root CA Certificate
See Trusted CA below.

• trusted_ca_url - Optional String
Inline Root CA Certificate

• verify_subject_alt_names - Optional List
List of acceptable Subject Alt Names/CN in the peer’s certificate. When skip_hostname_verification is false and verify_subject_alt_names is empty, the hostname of the peer will be used for matching against SAN/CN of peer’s certificate

TLS Parameters Common Params Validation Params Trusted CA

Deeply nested CA block collapsed for readability.

TLS Parameters Common Params Validation Params Trusted CA Trusted CA List

Deeply nested List block collapsed for readability.

Where

A where block supports the following:

• site - Optional Block
Specifies a direct reference to a site configuration object
See Site below.

• virtual_network - Optional Block
Specifies a direct reference to a network configuration object
See Virtual Network below.

• virtual_site - Optional Block
Virtual Site. A reference to virtual_site object
See Virtual Site below.

Where Site

A site block (within where) supports the following:

• disable_internet_vip - Optional Block
Enable this option

• enable_internet_vip - Optional Block
Enable this option

• network_type - Optional String Defaults to VIRTUAL_NETWORK_SITE_LOCAL
Possible values are VIRTUAL_NETWORK_SITE_LOCAL, VIRTUAL_NETWORK_SITE_LOCAL_INSIDE, VIRTUAL_NETWORK_PER_SITE, VIRTUAL_NETWORK_PUBLIC, VIRTUAL_NETWORK_GLOBAL, VIRTUAL_NETWORK_SITE_SERVICE, VIRTUAL_NETWORK_VER_INTERNAL, VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE, VIRTUAL_NETWORK_IP_AUTO, VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK, VIRTUAL_NETWORK_SRV6_NETWORK, VIRTUAL_NETWORK_IP_FABRIC, VIRTUAL_NETWORK_SEGMENT, VIRTUAL_NETWORK_MANAGEMENT
[Enum: VIRTUAL_NETWORK_SITE_LOCAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE|VIRTUAL_NETWORK_PER_SITE|VIRTUAL_NETWORK_PUBLIC|VIRTUAL_NETWORK_GLOBAL|VIRTUAL_NETWORK_SITE_SERVICE|VIRTUAL_NETWORK_VER_INTERNAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE|VIRTUAL_NETWORK_IP_AUTO|VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK|VIRTUAL_NETWORK_SRV6_NETWORK|VIRTUAL_NETWORK_IP_FABRIC|VIRTUAL_NETWORK_SEGMENT|VIRTUAL_NETWORK_MANAGEMENT] Different types of virtual networks understood by the system Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL provides connectivity to public (outside) network. This is an insecure network and is connected to public internet via NAT Gateways/firwalls Virtual-network of this type is local to

• ref - Optional Block
Reference. A site direct reference
See Ref below.

Where Site Ref

A ref block (within where.site) supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

Where Virtual Network

A virtual_network block (within where) supports the following:

• ref - Optional Block
Virtual network direct reference
See Ref below.

Where Virtual Network Ref

A ref block (within where.virtual_network) supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

Where Virtual Site

A virtual_site block (within where) supports the following:

• disable_internet_vip - Optional Block
Enable this option

• enable_internet_vip - Optional Block
Enable this option

• ref - Optional Block
Virtual_site direct reference
See Ref below.

Where Virtual Site Ref

A ref block (within where.virtual_site) supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
`name`	String	Name of the referenced object
`namespace`	String	Namespace containing the referenced object
`tenant`	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
`LOWER_CASE`	Convert to lowercase
`UPPER_CASE`	Convert to uppercase
`BASE64_DECODE`	Decodebase64 content
`NORMALIZE_PATH`	Normalize URL path
`REMOVE_WHITESPACE`	Remove whitespace characters
`URL_DECODE`	Decode URL-encoded characters
`TRIM_LEFT`	Trim leading whitespace
`TRIM_RIGHT`	Trim trailing whitespace
`TRIM`	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
`ANY`	Match any HTTP method
`GET`	HTTP GET request
`HEAD`	HTTP HEAD request
`POST`	HTTP POST request
`PUT`	HTTP PUT request
`DELETE`	HTTP DELETE request
`CONNECT`	HTTP CONNECT request
`OPTIONS`	HTTP OPTIONS request
`TRACE`	HTTP TRACE request
`PATCH`	HTTP PATCH request
`COPY`	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
`TLS_FINGERPRINT_NONE`	No fingerprint matching
`ANY_MALICIOUS_FINGERPRINT`	Match any known malicious fingerprint
`ADWARE`	Adware-associated fingerprints
`DRIDEX`	Dridex malware fingerprints
`GOOTKIT`	Gootkit malware fingerprints
`RANSOMWARE`	Ransomware-associated fingerprints
`TRICKBOT`	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
`SPAM_SOURCES`	Known spam sources
`WINDOWS_EXPLOITS`	Windows exploit sources
`WEB_ATTACKS`	Web attack sources
`BOTNETS`	Known botnet IPs
`SCANNERS`	Network scanner IPs
`REPUTATION`	Poor reputation IPs
`PHISHING`	Phishing-related IPs
`PROXY`	Anonymous proxy IPs
`MOBILE_THREATS`	Mobile threat sources
`TOR_PROXY`	Tor exit nodes
`DENIAL_OF_SERVICE`	DoS attack sources
`NETWORK`	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_advertise_policy.example system/example