f5xc_cminstance Resource - terraform-provider-f5xc
f5xc_cminstance (Resource)
Section titled “f5xc_cminstance (Resource)”Manages App type will create the configuration in namespace metadata.namespace. in F5 Distributed Cloud.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# Cminstance Resource Example# Manages App type will create the configuration in namespace metadata.namespace. in F5 Distributed Cloud.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic Cminstance configurationresource "f5xc_cminstance" "example" { name = "example-cminstance" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
# Resource-specific configuration # SecretType is used in an object to indicate a sensitive/c... api_token { # Configure api_token settings } # BlindfoldSecretInfoType specifies information about the S... blindfold_secret_info { # Configure blindfold_secret_info settings } # ClearSecretInfoType specifies information about the Secre... clear_secret_info { # Configure clear_secret_info settings }}Argument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the Cminstance. Must be unique within the namespace
• namespace - Required String
Namespace where the Cminstance will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”• api_token - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See API Token below for details.
• ip - Optional Block
IPv4 address in dotted decimal notation (e.g., 192.0.2.1)
See IP below for details.
• password - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Password below for details.
• port - Required Number
Port of the Central Manager instance to connect to
• timeouts - Optional Block
See Timeouts below for details.
• username - Required String
Username for the Central Manager instance
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
API Token
Section titled “API Token”An api_token block supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
API Token Blindfold Secret Info
Section titled “API Token Blindfold Secret Info”A blindfold_secret_info block (within api_token) supports the following:
• decryption_provider - Optional String
Name of the Secret Management Access object that contains information about the backend Secret Management service
• location - Optional String
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
• store_provider - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
API Token Clear Secret Info
Section titled “API Token Clear Secret Info”A clear_secret_info block (within api_token) supports the following:
• provider_ref - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
• url - Optional String
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded base64 format. When asked for this secret, caller will GET Secret bytes after base64 decoding
An ip block supports the following:
• addr - Optional String
IPv4 Address in string form with dot-decimal notation
Password
Section titled “Password”A password block supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
Password Blindfold Secret Info
Section titled “Password Blindfold Secret Info”A blindfold_secret_info block (within password) supports the following:
• decryption_provider - Optional String
Name of the Secret Management Access object that contains information about the backend Secret Management service
• location - Optional String
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
• store_provider - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
Password Clear Secret Info
Section titled “Password Clear Secret Info”A clear_secret_info block (within password) supports the following:
• provider_ref - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
• url - Optional String
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded base64 format. When asked for this secret, caller will GET Secret bytes after base64 decoding
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_cminstance.example system/example