f5xc_tenant_configuration Resource - terraform-provider-f5xc

f5xc_tenant_configuration (Resource)

Manages a Tenant Configuration resource in F5 Distributed Cloud for tenant configuration specification. configuration.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# Tenant Configuration Resource Example
# Manages a Tenant Configuration resource in F5 Distributed Cloud for tenant configuration specification. configuration.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Tenant Configuration configuration
resource "f5xc_tenant_configuration" "example" {
  name      = "example-tenant-configuration"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Resource-specific configuration
  # Configuration parameter for basic configuration.
  basic_configuration {
    # Configure basic_configuration settings
  }
  # Configuration parameter for brute force detection.
  brute_force_detection {
    # Configure brute_force_detection settings
  }
  # Configuration parameter for brute force detection settings.
  brute_force_detection_settings {
    # Configure brute_force_detection_settings settings
  }
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

Metadata Argument Reference

• name - Required String
Name of the Tenant Configuration. Must be unique within the namespace

• namespace - Required String
Namespace where the Tenant Configuration will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

• basic_configuration - Optional Block
Configuration parameter for basic configuration
See Basic Configuration below for details.

• brute_force_detection - Optional Block
Configuration parameter for brute force detection
See Brute Force Detection below for details.

• brute_force_detection_settings - Optional Block
Configuration parameter for brute force detection settings
See Brute Force Detection Settings below for details.

• password_policy - Optional Block
Policy configuration for this feature
See Password Policy below for details.

• tenant_details - Optional Block
BasicConfiguration
See Tenant Details below for details.

• timeouts - Optional Block
See Timeouts below for details.

• user_session_expiration - Optional Block
Defines all session-related expiration for user sessions within a tenant’s environment. Relationship between session_expiry and cookie_expiry: - session_expiry defines the ‘absolute maximum duration’ of a session and enforces RE-authentication after this time. - cookie_expiry defines the
See User Session Expiration below for details.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

---

Basic Configuration

A basic_configuration block supports the following:

• display_name - Optional String
Changes the tenant name displayed during login without affecting your company’s domain name

Brute Force Detection

A brute_force_detection block supports the following:

• max_login_failures - Optional Number
How many failures before wait is triggered. When login failure count is hit, user will be temporarily locked for a max duration of 15 minutes

Brute Force Detection Settings

A brute_force_detection_settings block supports the following:

• max_login_failures - Optional Number
How many failures before wait is triggered. When login failure count is hit, user will be temporarily locked for a max duration of 15 minutes

Password Policy

A password_policy block supports the following:

• digits - Optional Number
The number of digits required to be in the password string

• expire_password - Optional Number
The number of days for which the password is valid. After the number of days has expired, the user is required to change their password

• lowercase_characters - Optional Number
The number of lower case letters required to be in the password string

• minimum_length - Optional Number
Minimum length of password

• not_recently_used - Optional Number
Policy is used to restrict user from using previously used passwords. Number that’s set determines number of last passwords which user cannot use as new password

• not_username - Optional Bool
When set, the password is not allowed to be the same as the username

• special_characters - Optional Number
The number of special characters like ’?!#%$’ required to be in the password string

• uppercase_characters - Optional Number
The number of upper case letters required to be in the password string

Tenant Details

A tenant_details block supports the following:

• display_name - Optional String
Changes the tenant name displayed during login without affecting your company’s domain name

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

User Session Expiration

An user_session_expiration block supports the following:

• absolute_timeout - Optional Block
Represents the session expiration duration
See Absolute Timeout below.

• idle_timeout - Optional Block
Represents the cookie expiration duration
See Idle Timeout below.

User Session Expiration Absolute Timeout

An absolute_timeout block (within user_session_expiration) supports the following:

• hours - Optional Block
Represents the session duration in hours
See Hours below.

• minutes - Optional Block
Represents the session duration in minutes
See Minutes below.

User Session Expiration Absolute Timeout Hours

A hours block (within user_session_expiration.absolute_timeout) supports the following:

• duration - Optional Number
Duration

User Session Expiration Absolute Timeout Minutes

A minutes block (within user_session_expiration.absolute_timeout) supports the following:

• duration - Optional Number
Duration

User Session Expiration Idle Timeout

An idle_timeout block (within user_session_expiration) supports the following:

• hours - Optional Block
Represents the cookie duration in hours
See Hours below.

• minutes - Optional Block
Represents the cookie duration in minutes
See Minutes below.

User Session Expiration Idle Timeout Hours

A hours block (within user_session_expiration.idle_timeout) supports the following:

• duration - Optional Number
Duration

User Session Expiration Idle Timeout Minutes

A minutes block (within user_session_expiration.idle_timeout) supports the following:

• duration - Optional Number
Duration

---

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
name	String	Name of the referenced object
namespace	String	Namespace containing the referenced object
tenant	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
LOWER_CASE	Convert to lowercase
UPPER_CASE	Convert to uppercase
BASE64_DECODE	Decodebase64 content
NORMALIZE_PATH	Normalize URL path
REMOVE_WHITESPACE	Remove whitespace characters
URL_DECODE	Decode URL-encoded characters
TRIM_LEFT	Trim leading whitespace
TRIM_RIGHT	Trim trailing whitespace
TRIM	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
ANY	Match any HTTP method
GET	HTTP GET request
HEAD	HTTP HEAD request
POST	HTTP POST request
PUT	HTTP PUT request
DELETE	HTTP DELETE request
CONNECT	HTTP CONNECT request
OPTIONS	HTTP OPTIONS request
TRACE	HTTP TRACE request
PATCH	HTTP PATCH request
COPY	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
TLS_FINGERPRINT_NONE	No fingerprint matching
ANY_MALICIOUS_FINGERPRINT	Match any known malicious fingerprint
ADWARE	Adware-associated fingerprints
DRIDEX	Dridex malware fingerprints
GOOTKIT	Gootkit malware fingerprints
RANSOMWARE	Ransomware-associated fingerprints
TRICKBOT	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
SPAM_SOURCES	Known spam sources
WINDOWS_EXPLOITS	Windows exploit sources
WEB_ATTACKS	Web attack sources
BOTNETS	Known botnet IPs
SCANNERS	Network scanner IPs
REPUTATION	Poor reputation IPs
PHISHING	Phishing-related IPs
PROXY	Anonymous proxy IPs
MOBILE_THREATS	Mobile threat sources
TOR_PROXY	Tor exit nodes
DENIAL_OF_SERVICE	DoS attack sources
NETWORK	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_tenant_configuration.example system/example