f5xc_user_identification Resource - terraform-provider-f5xc
f5xc_user_identification (Resource)
Section titled “f5xc_user_identification (Resource)”Manages user_identification creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# User Identification Resource Example# Manages user_identification creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic User Identification configurationresource "f5xc_user_identification" "example" { name = "example-user-identification" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
# User Identification configuration rules { identifier_type = "CLIENT_IP" any_client {} }}Verified Configuration Examples
Section titled “Verified Configuration Examples”These configurations are extracted from acceptance tests verified against the live F5 XC API.
All Attributes
Section titled “All Attributes”resource "f5xc_user_identification" "test" { name = "example" namespace = "system" description = "Test user identification with all attributes" disable = false
labels = { environment = "test" team = "security" }
annotations = { purpose = "testing" }
rules { client_ip {} }}Cookie
Section titled “Cookie”resource "f5xc_user_identification" "test" { name = "example" namespace = "system"
rules { cookie_name = "session_id" }}Http Header
Section titled “Http Header”resource "f5xc_user_identification" "test" { name = "example" namespace = "system"
rules { http_header_name = "X-Forwarded-For" }}Tls Fingerprint
Section titled “Tls Fingerprint”resource "f5xc_user_identification" "test" { name = "example" namespace = "system"
rules { tls_fingerprint {} }}With Annotations
Section titled “With Annotations”resource "f5xc_user_identification" "test" { name = "example" namespace = "system"
annotations = { example-key = "example-value" }
rules { client_ip {} }}With Description
Section titled “With Description”resource "f5xc_user_identification" "test" { name = "example" namespace = "system" description = "example-value"
rules { client_ip {} }}With Labels
Section titled “With Labels”resource "f5xc_user_identification" "test" { name = "example" namespace = "system"
labels = { example-key = "example-value" }
rules { client_ip {} }}With Rules
Section titled “With Rules”resource "f5xc_user_identification" "test" { name = "example" namespace = "system" description = "User identification with identification rules"
rules { client_ip {} }}Argument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Minimum Configuration
Section titled “Minimum Configuration”Required fields:
namenamespacerules
Example (API format):
apiVersion: v1kind: user_identificationmetadata: name: example-user-id namespace: defaultspec: rules: - client_ip: {}Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the User Identification. Must be unique within the namespace
• namespace - Required String
Namespace where the User Identification will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”• rules - Optional Block
Ordered list of rules that are evaluated sequentially against the input fields extracted from an API request in order to determine a user identifier. Evaluation of the rules is terminated once a user identifier has been extracted
See Rules below for details.
• timeouts - Optional Block
See Timeouts below for details.
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
A rules block supports the following:
• client_asn - Optional Block
Enable this option
• client_city - Optional Block
Enable this option
• client_country - Optional Block
Enable this option
• client_ip - Optional Block
Enable this option
• client_region - Optional Block
Enable this option
• cookie_name - Optional String
Use the HTTP cookie value for the given name as user
• http_header_name - Optional String
Use the HTTP header value for the given name as user
• ip_and_http_header_name - Optional String
Name of HTTP header from which the value should be extracted
• ip_and_ja4_tls_fingerprint - Optional Block
Enable this option
• ip_and_tls_fingerprint - Optional Block
Enable this option
• ja4_tls_fingerprint - Optional Block
Configuration parameter for ja4 TLS fingerprint
• jwt_claim_name - Optional String
Use the JWT claim value as user identifier
• none - Optional Block
Enable this option
• query_param_key - Optional String
Use the query parameter value for the given key as user
• tls_fingerprint - Optional Block
Configuration parameter for TLS fingerprint
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_user_identification.example system/example