f5xc_network_connector Resource - terraform-provider-f5xc

f5xc_network_connector (Resource)

Manages a Network Connector resource in F5 Distributed Cloud for network connector is created by users in system namespace. configuration.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# Network Connector Resource Example
# Manages a Network Connector resource in F5 Distributed Cloud for network connector is created by users in system namespace. configuration.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Network Connector configuration
resource "f5xc_network_connector" "example" {
  name      = "example-network-connector"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Network Connector configuration
  # Direct connection
  sli_to_global_dr {
    global_vn {
      name      = "global-network"
      namespace = "staging"
    }
  }

  # Disable forward proxy
  disable_forward_proxy {}
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

~> Dependencies — This resource requires: virtual_network.

Metadata Argument Reference

• name - Required String
Name of the Network Connector. Must be unique within the namespace

• namespace - Required String
Namespace where the Network Connector will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

-> One of the following: • disable_forward_proxy - Optional Block
Configuration parameter for disable forward proxy

• enable_forward_proxy - Optional Block
Fine tune forward proxy behavior Few configurations allowed are White listed ports and IP prefixes: Forward proxy does application protocol detection and server name(SNI) detection by peeking into the traffic on the incoming downstream connection. Few protocols doesn’t have client sending the
See Enable Forward Proxy below for details.

-> One of the following: • sli_to_global_dr - Optional Block
Global network reference for direct connection
See SLI To Global DR below for details.

• sli_to_slo_snat - Optional Block
Configuration parameter for SLI to slo snat
See SLI To Slo Snat below for details.

• slo_to_global_dr - Optional Block
Global network reference for direct connection
See Slo To Global DR below for details.

• timeouts - Optional Block
See Timeouts below for details.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

---

Enable Forward Proxy

An enable_forward_proxy block supports the following:

• connection_timeout - Optional Number Defaults to 2000 Specified in milliseconds
The timeout for new network connections to upstream server. The (2 seconds)

• max_connect_attempts - Optional Number Defaults to 1
Specifies the allowed number of retries on connect failure to upstream server

• no_interception - Optional Block
Configuration parameter for no interception

• tls_intercept - Optional Block
Configuration to enable TLS interception
See TLS Intercept below.

• white_listed_ports - Optional List
Traffic to these destination TCP ports is not subjected to protocol parsing Example ‘tmate’ server port

• white_listed_prefixes - Optional List
Traffic to these destination IP prefixes is not subjected to protocol parsing Example ‘tmate’ server IP

Enable Forward Proxy TLS Intercept

A tls_intercept block (within enable_forward_proxy) supports the following:

• custom_certificate - Optional Block
Configuration parameter for custom certificate
See Custom Certificate below.

• enable_for_all_domains - Optional Block
Configuration parameter for enable for all domains

• policy - Optional Block
Policy to enable or disable TLS interception
See Policy below.

• trusted_ca_url - Optional String
Custom Root CA Certificate for validating upstream server certificate

• volterra_certificate - Optional Block
Configuration parameter for volterra certificate

• volterra_trusted_ca - Optional Block
Configuration parameter for volterra trusted CA

Enable Forward Proxy TLS Intercept Custom Certificate

A custom_certificate block (within enable_forward_proxy.tls_intercept) supports the following:

• certificate_url - Optional String
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers

• custom_hash_algorithms - Optional Block
Specifies the hash algorithms to be used
See Custom Hash Algorithms below.

• description_spec - Optional String
Description. Description for the certificate

• disable_ocsp_stapling - Optional Block
Configuration parameter for disable OCSP stapling

• private_key - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Private Key below.

• use_system_defaults - Optional Block
Configuration parameter for use system defaults

Enable Forward Proxy TLS Intercept Custom Certificate Custom Hash Algorithms

Deeply nested Algorithms block collapsed for readability.

Enable Forward Proxy TLS Intercept Custom Certificate Private Key

Deeply nested Key block collapsed for readability.

Enable Forward Proxy TLS Intercept Custom Certificate Private Key Blindfold Secret Info

Deeply nested Info block collapsed for readability.

Enable Forward Proxy TLS Intercept Custom Certificate Private Key Clear Secret Info

Deeply nested Info block collapsed for readability.

Enable Forward Proxy TLS Intercept Policy

A policy block (within enable_forward_proxy.tls_intercept) supports the following:

• interception_rules - Optional Block
List of ordered rules to enable or disable for TLS interception
See Interception Rules below.

Enable Forward Proxy TLS Intercept Policy Interception Rules

Deeply nested Rules block collapsed for readability.

Enable Forward Proxy TLS Intercept Policy Interception Rules Domain Match

Deeply nested Match block collapsed for readability.

SLI To Global DR

A sli_to_global_dr block supports the following:

• global_vn - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Global Vn below.

SLI To Global DR Global Vn

A global_vn block (within sli_to_global_dr) supports the following:

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

SLI To Slo Snat

A sli_to_slo_snat block supports the following:

• default_gw_snat - Optional Block
Configuration parameter for default gw snat

• interface_ip - Optional Block
Enable this option

Slo To Global DR

A slo_to_global_dr block supports the following:

• global_vn - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Global Vn below.

Slo To Global DR Global Vn

A global_vn block (within slo_to_global_dr) supports the following:

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

---

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
name	String	Name of the referenced object
namespace	String	Namespace containing the referenced object
tenant	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
LOWER_CASE	Convert to lowercase
UPPER_CASE	Convert to uppercase
BASE64_DECODE	Decodebase64 content
NORMALIZE_PATH	Normalize URL path
REMOVE_WHITESPACE	Remove whitespace characters
URL_DECODE	Decode URL-encoded characters
TRIM_LEFT	Trim leading whitespace
TRIM_RIGHT	Trim trailing whitespace
TRIM	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
ANY	Match any HTTP method
GET	HTTP GET request
HEAD	HTTP HEAD request
POST	HTTP POST request
PUT	HTTP PUT request
DELETE	HTTP DELETE request
CONNECT	HTTP CONNECT request
OPTIONS	HTTP OPTIONS request
TRACE	HTTP TRACE request
PATCH	HTTP PATCH request
COPY	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
TLS_FINGERPRINT_NONE	No fingerprint matching
ANY_MALICIOUS_FINGERPRINT	Match any known malicious fingerprint
ADWARE	Adware-associated fingerprints
DRIDEX	Dridex malware fingerprints
GOOTKIT	Gootkit malware fingerprints
RANSOMWARE	Ransomware-associated fingerprints
TRICKBOT	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
SPAM_SOURCES	Known spam sources
WINDOWS_EXPLOITS	Windows exploit sources
WEB_ATTACKS	Web attack sources
BOTNETS	Known botnet IPs
SCANNERS	Network scanner IPs
REPUTATION	Poor reputation IPs
PHISHING	Phishing-related IPs
PROXY	Anonymous proxy IPs
MOBILE_THREATS	Mobile threat sources
TOR_PROXY	Tor exit nodes
DENIAL_OF_SERVICE	DoS attack sources
NETWORK	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_network_connector.example system/example