f5xc_rate_limiter Resource - terraform-provider-f5xc

f5xc_rate_limiter (Resource)

Manages rate_limiter creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# Rate Limiter Resource Example
# Manages rate_limiter creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Rate Limiter configuration
resource "f5xc_rate_limiter" "example" {
  name      = "example-rate-limiter"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Rate Limiter configuration
  total_number     = 100
  unit             = "MINUTE"
  burst_multiplier = 10
}

# The following optional fields have server-applied defaults and can be omitted:
# - user_identification

Verified Configuration Examples

These configurations are extracted from acceptance tests verified against the live F5 XC API.

All Attributes

resource "f5xc_rate_limiter" "test" {
  name        = "example"
  namespace   = "system"
  description = "Test rate limiter with all attributes"
  disable     = false

  labels = {
    environment = "test"
    team        = "engineering"
  }

  annotations = {
    purpose = "testing"
  }
}

Token Bucket

resource "f5xc_rate_limiter" "test" {
  name      = "example"
  namespace = "system"

  limits {
    total_number     = 50
    unit             = "SECOND"
    burst_multiplier = 5

    token_bucket {}
  }
}

Unit

resource "f5xc_rate_limiter" "test" {
  name      = "example"
  namespace = "system"

  limits {
    total_number     = 3
    unit             = "example-value"
    burst_multiplier = 2

    leaky_bucket {}
  }
}

With Annotations

resource "f5xc_rate_limiter" "test" {
  name      = "example"
  namespace = "system"

  annotations = {
    example-key = "example-value"
  }
}

With Description

resource "f5xc_rate_limiter" "test" {
  name        = "example"
  namespace   = "system"
  description = "example-value"
}

With Labels

resource "f5xc_rate_limiter" "test" {
  name      = "example"
  namespace = "system"

  labels = {
    example-key = "example-value"
  }
}

With Limits

resource "f5xc_rate_limiter" "test" {
  name        = "example"
  namespace   = "system"
  description = "Rate limiter with limits configuration"

  limits {
    total_number      = 100
    unit              = "MINUTE"
    burst_multiplier  = 2
    period_multiplier = 1

    leaky_bucket {}
  }
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

Metadata Argument Reference

• name - Required String
Name of the Rate Limiter. Must be unique within the namespace

• namespace - Required String
Namespace where the Rate Limiter will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

• limits - Optional Block
List of RateLimitValues that specifies the total number of allowed requests for each specified period
See Limits below for details.

• timeouts - Optional Block
See Timeouts below for details.

• user_identification - Optional Block Defaults to []
Reference to user_identification object. The rules in the user_identification object are evaluated to determine the user identifier to be rate limited. Server applies default when omitted
See User Identification below for details.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

---

Limits

A limits block supports the following:

• action_block - Optional Block
Action where a user is blocked from making further requests after exceeding rate limit threshold
See Action Block below.

• burst_multiplier - Optional Number
The maximum burst of requests to accommodate, expressed as a multiple of the rate

• disabled - Optional Block
Enable this option

• leaky_bucket - Optional Block
Leaky-Bucket is the default rate limiter algorithm for F5

• period_multiplier - Optional Number
Setting, combined with Per Period units, provides a duration

• token_bucket - Optional Block
Token-Bucket is a rate limiter algorithm that is stricter with enforcing limits

• total_number - Optional Number
The total number of allowed requests per rate-limiting period

• unit - Optional String Defaults to SECOND
Possible values are SECOND, MINUTE, HOUR
[Enum: SECOND|MINUTE|HOUR] Unit for the period per which the rate limit is applied. - SECOND: Second Rate limit period unit is seconds - MINUTE: Minute Rate limit period unit is minutes - HOUR: Hour Rate limit period unit is hours - DAY: Day Rate limit period unit is days

Limits Action Block

An action_block block (within limits) supports the following:

• hours - Optional Block
Hours. Input Duration Hours
See Hours below.

• minutes - Optional Block
Minutes. Input Duration Minutes
See Minutes below.

• seconds - Optional Block
Seconds. Input Duration Seconds
See Seconds below.

Limits Action Block Hours

A hours block (within limits.action_block) supports the following:

• duration - Optional Number
Duration. Configuration parameter for duration

Limits Action Block Minutes

A minutes block (within limits.action_block) supports the following:

• duration - Optional Number
Duration. Configuration parameter for duration

Limits Action Block Seconds

A seconds block (within limits.action_block) supports the following:

• duration - Optional Number
Duration. Configuration parameter for duration

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

User Identification

An user_identification block supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

---

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
name	String	Name of the referenced object
namespace	String	Namespace containing the referenced object
tenant	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
LOWER_CASE	Convert to lowercase
UPPER_CASE	Convert to uppercase
BASE64_DECODE	Decodebase64 content
NORMALIZE_PATH	Normalize URL path
REMOVE_WHITESPACE	Remove whitespace characters
URL_DECODE	Decode URL-encoded characters
TRIM_LEFT	Trim leading whitespace
TRIM_RIGHT	Trim trailing whitespace
TRIM	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
ANY	Match any HTTP method
GET	HTTP GET request
HEAD	HTTP HEAD request
POST	HTTP POST request
PUT	HTTP PUT request
DELETE	HTTP DELETE request
CONNECT	HTTP CONNECT request
OPTIONS	HTTP OPTIONS request
TRACE	HTTP TRACE request
PATCH	HTTP PATCH request
COPY	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
TLS_FINGERPRINT_NONE	No fingerprint matching
ANY_MALICIOUS_FINGERPRINT	Match any known malicious fingerprint
ADWARE	Adware-associated fingerprints
DRIDEX	Dridex malware fingerprints
GOOTKIT	Gootkit malware fingerprints
RANSOMWARE	Ransomware-associated fingerprints
TRICKBOT	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
SPAM_SOURCES	Known spam sources
WINDOWS_EXPLOITS	Windows exploit sources
WEB_ATTACKS	Web attack sources
BOTNETS	Known botnet IPs
SCANNERS	Network scanner IPs
REPUTATION	Poor reputation IPs
PHISHING	Phishing-related IPs
PROXY	Anonymous proxy IPs
MOBILE_THREATS	Mobile threat sources
TOR_PROXY	Tor exit nodes
DENIAL_OF_SERVICE	DoS attack sources
NETWORK	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_rate_limiter.example system/example