From 65ea40ba1556dfc9bf4912105da24a7b9c11f731 Mon Sep 17 00:00:00 2001 From: Michal Wojcik Date: Tue, 16 Jul 2024 14:44:16 +0000 Subject: [PATCH 01/17] DXE-3869 Changelog boilerplate --- CHANGELOG.md | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d0cde08a..d6d3780f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,92 @@ # RELEASE NOTES + +## X.X.X (X X, X) + +#### BREAKING CHANGES: + + + + + + + + + + + + + +#### FEATURES/ENHANCEMENTS: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +#### BUG FIXES: + + + + + + + + + + + + + + + + + + + + + + + + + + + ## 6.3.0 (July 16, 2024) From 161c2ad4c7b1ce76a72404bfd0d77b0aec01e62d Mon Sep 17 00:00:00 2001 From: Piotr Bartosik Date: Wed, 17 Jul 2024 13:35:38 +0000 Subject: [PATCH 02/17] DXE-3910 handle retries for 429 code with X-RateLimit-Next --- CHANGELOG.md | 15 ++ internal/test/test.go | 89 ++++++++ pkg/akamai/configure_context.go | 102 +++++++-- pkg/akamai/configure_context_test.go | 304 +++++++++++++++++++++++++++ 4 files changed, 496 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d6d3780f3..46f5225e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -130,6 +130,21 @@ * Added new optional field `ttl` to `akamai_edge_hostname` resource. When it is used, creation or update takes longer as resource has to synchronize its state with HAPI. + + + + + +* PAPI + * Added support for status code `429 Too Many Requests` containing `X-RateLimit-Next` header. + When `X-RateLimit-Next` is present, the wait time before retry is calculated as the time + difference between this header and the `Date` header. + + + + + + #### BUG FIXES: * Appsec diff --git a/internal/test/test.go b/internal/test/test.go index 7c8210fbf..f9c4191df 100644 --- a/internal/test/test.go +++ b/internal/test/test.go @@ -2,9 +2,13 @@ package test import ( + "math/rand" + "net/http" + "sync" "testing" "time" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -15,3 +19,88 @@ func NewTimeFromString(t *testing.T, s string) time.Time { require.NoError(t, err) return parsedTime } + +// XRateLimitHTTPHandler first returns status 429 with the X-RateLimit-Next header set to +// time.Now() plus a random value between 1 and 5 seconds. It keeps sending 429 until the +// X-RateLimit-Next point in time. Then it starts to return SuccessCode and SuccessBody +// indefinitely. +type XRateLimitHTTPHandler struct { + T *testing.T + SuccessCode int + SuccessBody string + + mutex sync.Mutex + availableAt time.Time + returnedCodes []int + returnTimes []time.Time +} + +func (h *XRateLimitHTTPHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request) { + av := h.AvailableAt() + + if av.IsZero() { + busyInterval := time.Duration(1+rand.Intn(4)) * time.Second + h.setAvailableAt(time.Now().Add(busyInterval)) + h.setTooManyRequests(w) + return + } + + now := time.Now() + if now.Before(av) { + h.setTooManyRequests(w) + } else { + h.setStatusCode(w, h.SuccessCode) + _, err := w.Write([]byte(h.SuccessBody)) + assert.NoError(h.T, err) + } +} + +// AvailableAt returns the point in time at which the handler stops returning status code 429 +func (h *XRateLimitHTTPHandler) AvailableAt() time.Time { + h.mutex.Lock() + defer h.mutex.Unlock() + return h.availableAt +} + +// ReturnedCodes returns a list of status codes from subsequent handler responses +func (h *XRateLimitHTTPHandler) ReturnedCodes() []int { + h.mutex.Lock() + defer h.mutex.Unlock() + res := make([]int, len(h.returnedCodes)) + copy(res, h.returnedCodes) + return res +} + +// ReturnTimes returns a list of times at which subsequent responses were written +func (h *XRateLimitHTTPHandler) ReturnTimes() []time.Time { + h.mutex.Lock() + defer h.mutex.Unlock() + res := make([]time.Time, len(h.returnTimes)) + copy(res, h.returnTimes) + return res +} + +func (h *XRateLimitHTTPHandler) setTooManyRequests(w http.ResponseWriter) { + // Do not use Add() to avoid canonicalization to X-Ratelimit-Next + nextStr := h.availableAt.Format(time.RFC3339Nano) + w.Header()["X-RateLimit-Next"] = []string{nextStr} + h.setStatusCode(w, http.StatusTooManyRequests) + body := "Your request did not succeed as this operation has reached the limit " + + "for your account. Please try after " + nextStr + _, err := w.Write([]byte(body)) + assert.NoError(h.T, err) +} + +func (h *XRateLimitHTTPHandler) setStatusCode(w http.ResponseWriter, statusCode int) { + w.WriteHeader(statusCode) + h.mutex.Lock() + defer h.mutex.Unlock() + h.returnedCodes = append(h.returnedCodes, statusCode) + h.returnTimes = append(h.returnTimes, time.Now()) +} + +func (h *XRateLimitHTTPHandler) setAvailableAt(availableAt time.Time) { + h.mutex.Lock() + defer h.mutex.Unlock() + h.availableAt = availableAt +} diff --git a/pkg/akamai/configure_context.go b/pkg/akamai/configure_context.go index 0dcfcf19e..dc68c220b 100644 --- a/pkg/akamai/configure_context.go +++ b/pkg/akamai/configure_context.go @@ -16,6 +16,7 @@ import ( "github.com/akamai/terraform-provider-akamai/v6/pkg/logger" "github.com/akamai/terraform-provider-akamai/v6/pkg/meta" "github.com/akamai/terraform-provider-akamai/v6/pkg/retryablehttp" + "github.com/apex/log" "github.com/google/uuid" "github.com/spf13/cast" ) @@ -62,6 +63,90 @@ func sessionWithoutRetry(opts []session.Option) (session.Session, error) { return session.New(opts...) } +func overrideRetryPolicy(basePolicy retryablehttp.CheckRetry) retryablehttp.CheckRetry { + return func(ctx context.Context, resp *http.Response, err error) (bool, error) { + + // do not retry on context.Canceled or context.DeadlineExceeded + if ctx.Err() != nil { + return false, ctx.Err() + } + + // Retry all PAPI requests resulting status code 429 + // The backoff time is calculated in getXRateLimitBackoff + is429 := resp != nil && resp.StatusCode == http.StatusTooManyRequests + if is429 && strings.HasPrefix(resp.Request.URL.Path, "/papi/") { + return true, nil + } + + var urlErr *url.Error + if (resp != nil && resp.Request.Method == http.MethodGet) || + (resp == nil && errors.As(err, &urlErr) && strings.ToUpper(urlErr.Op) == http.MethodGet) { + + if resp != nil && resp.StatusCode == http.StatusConflict { + return true, nil + } + return basePolicy(ctx, resp, err) + } + return false, nil + } +} + +// Note that Date's resolution is seconds (e.g. Mon, 01 Jul 2024 14:32:14 GMT), +// while X-RateLimit-Next's resolution is milliseconds (2024-07-01T14:32:28.645Z). +// This may cause the wait time to be inflated by at most one second, like for the +// actual server response time around 2024-07-01T14:32:14.999Z. This is acceptable behavior +// as retry does not occur earlier than expected. +func getXRateLimitBackoff(resp *http.Response, logger log.Interface) (time.Duration, bool) { + nextHeader := resp.Header.Get("X-RateLimit-Next") + if nextHeader == "" { + return 0, false + } + next, err := time.Parse(time.RFC3339Nano, nextHeader) + if err != nil { + if logger != nil { + logger.WithError(err).Error("Could not parse X-RateLimit-Next header") + } + return 0, false + } + + dateHeader := resp.Header.Get("Date") + if dateHeader == "" { + if logger != nil { + logger.Warnf("No Date header for X-RateLimit-Next: %s", nextHeader) + } + return 0, false + } + date, err := time.Parse(time.RFC1123, dateHeader) + if err != nil { + if logger != nil { + logger.WithError(err).Error("Could not parse Date header") + } + return 0, false + } + + // Next in the past does not make sense + if next.Before(date) { + if logger != nil { + logger.Warnf("X-RateLimit-Next: %s before Date: %s", nextHeader, dateHeader) + } + return 0, false + } + return next.Sub(date), true +} + +func overrideBackoff(baseBackoff retryablehttp.Backoff, logger log.Interface) retryablehttp.Backoff { + return func(min, max time.Duration, attemptNum int, resp *http.Response) time.Duration { + if resp != nil { + if resp.StatusCode == http.StatusTooManyRequests { + if wait, ok := getXRateLimitBackoff(resp, logger); ok { + return wait + } + } + } + return baseBackoff(min, max, attemptNum, resp) + } +} + func sessionWithRetry(cfg contextConfig, opts []session.Option) (session.Session, error) { if cfg.retryMax == 0 { cfg.retryMax = 10 @@ -97,20 +182,9 @@ func sessionWithRetry(cfg contextConfig, opts []session.Option) (session.Session return sess.Sign(req) } - retryClient.CheckRetry = func(ctx context.Context, resp *http.Response, err error) (bool, error) { - var urlErr *url.Error - if (resp != nil && resp.Request.Method == http.MethodGet) || - (resp == nil && errors.As(err, &urlErr) && strings.ToUpper(urlErr.Op) == http.MethodGet) { - if ctx.Err() != nil { - return false, ctx.Err() - } - if resp != nil && resp.StatusCode == http.StatusConflict { - return true, nil - } - return retryablehttp.DefaultRetryPolicy(ctx, resp, err) - } - return false, nil - } + retryClient.CheckRetry = overrideRetryPolicy(retryablehttp.DefaultRetryPolicy) + + retryClient.Backoff = overrideBackoff(retryablehttp.DefaultBackoff, sess.Log(cfg.ctx)) return sess, nil } diff --git a/pkg/akamai/configure_context_test.go b/pkg/akamai/configure_context_test.go index 2d318a0f9..19210cc32 100644 --- a/pkg/akamai/configure_context_test.go +++ b/pkg/akamai/configure_context_test.go @@ -1,10 +1,24 @@ package akamai import ( + "context" + "crypto/tls" + "crypto/x509" + "errors" + "net/http" + "net/http/httptest" + "net/url" + "strings" "testing" "time" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/edgegrid" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/session" + "github.com/akamai/terraform-provider-akamai/v6/internal/test" + "github.com/akamai/terraform-provider-akamai/v6/pkg/retryablehttp" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test_validateRetryConfiguration(t *testing.T) { @@ -101,3 +115,293 @@ func Test_validateRetryConfiguration(t *testing.T) { }) } } + +func newRequest(t *testing.T, method, url string) *http.Request { + r, err := http.NewRequest(method, url, nil) + assert.NoError(t, err) + return r +} + +func TestOverrideRetryPolicy(t *testing.T) { + basePolicy := func(ctx context.Context, resp *http.Response, err error) (bool, error) { + return false, errors.New("base policy: dummy, not implemented") + } + policy := overrideRetryPolicy(basePolicy) + + tests := map[string]struct { + ctx context.Context + resp *http.Response + err error + expectedResult bool + expectedError string + }{ + "should retry for PAPI GET with status 429": { + ctx: context.Background(), + resp: &http.Response{ + Request: newRequest(t, http.MethodGet, "/papi/v1/sth"), + StatusCode: http.StatusTooManyRequests, + }, + expectedResult: true, + }, + "should retry for PAPI POST with status 429": { + ctx: context.Background(), + resp: &http.Response{ + Request: newRequest(t, http.MethodPost, "/papi/v1/sth"), + StatusCode: http.StatusTooManyRequests, + }, + expectedResult: true, + }, + "should not retry for PAPI POST with other 4xx status": { + ctx: context.Background(), + resp: &http.Response{ + Request: newRequest(t, http.MethodPost, "/papi/v1/sth"), + StatusCode: http.StatusBadRequest, + }, + expectedResult: false, + }, + "should retry for GET with status 409 conflict": { + ctx: context.Background(), + resp: &http.Response{ + Request: &http.Request{Method: http.MethodGet}, + StatusCode: http.StatusConflict, + }, + expectedResult: true, + }, + "should call base policy for other GETs": { + ctx: context.Background(), + resp: &http.Response{Request: &http.Request{Method: http.MethodGet}}, + expectedError: "base policy: dummy, not implemented", + }, + "should forward context error when present": { + ctx: func() context.Context { + ctx, cancel := context.WithCancel(context.Background()) + cancel() + return ctx + }(), + resp: &http.Response{Request: &http.Request{Method: http.MethodGet}}, + expectedError: "context canceled", + }, + "should not retry for POST": { + ctx: context.Background(), + resp: &http.Response{Request: &http.Request{Method: http.MethodPost}}, + expectedResult: false, + }, + "should not retry for PUT": { + ctx: context.Background(), + resp: &http.Response{Request: &http.Request{Method: http.MethodPut}}, + expectedResult: false, + }, + "should not retry for PATCH": { + ctx: context.Background(), + resp: &http.Response{Request: &http.Request{Method: http.MethodPatch}}, + expectedResult: false, + }, + "should not retry for HEAD": { + ctx: context.Background(), + resp: &http.Response{Request: &http.Request{Method: http.MethodHead}}, + expectedResult: false, + }, + "should not retry for DELETE": { + ctx: context.Background(), + resp: &http.Response{Request: &http.Request{Method: http.MethodDelete}}, + expectedResult: false, + }, + } + for name, tst := range tests { + t.Run(name, func(t *testing.T) { + shouldRetry, err := policy(tst.ctx, tst.resp, tst.err) + if len(tst.expectedError) > 0 { + assert.ErrorContains(t, err, tst.expectedError) + } else { + assert.NoError(t, err) + assert.Equal(t, tst.expectedResult, shouldRetry) + } + }) + } +} + +func stat429ResponseWaiting(wait time.Duration) *http.Response { + res := http.Response{ + StatusCode: http.StatusTooManyRequests, + Header: http.Header{}, + } + + now := time.Now().UTC().Round(time.Second) + date := strings.Replace(now.Format(time.RFC1123), "UTC", "GMT", 1) + res.Header.Add("Date", date) + if wait != 0 { + // Add: allow to canonicalize to X-Ratelimit-Next or the header won't be recognized + res.Header.Add("X-RateLimit-Next", now.Add(wait).Format(time.RFC3339Nano)) + } + return &res +} + +func Test_overrideBackoff(t *testing.T) { + baseWait := time.Duration(24) * time.Hour + baseBackoff := func(min, max time.Duration, attemptNum int, resp *http.Response) time.Duration { + return baseWait + } + backoff := overrideBackoff(baseBackoff, nil) + + tests := map[string]struct { + resp *http.Response + expectedResult time.Duration + }{ + "correctly calculates backoff from X-RateLimit-Next": { + resp: stat429ResponseWaiting(time.Duration(5729) * time.Millisecond), + expectedResult: time.Duration(5729) * time.Millisecond, + }, + "falls back for next in the past": { + resp: stat429ResponseWaiting(-time.Duration(5729) * time.Millisecond), + expectedResult: baseWait, + }, + "falls back for no X-RateLimit-Next header": { + resp: stat429ResponseWaiting(0), + expectedResult: baseWait, + }, + "falls back for invalid X-RateLimit-Next header": { + resp: func() *http.Response { + r := stat429ResponseWaiting(time.Duration(5729) * time.Millisecond) + r.Header.Set("X-RateLimit-Next", "2024-07-01T14:32:28.645???") + return r + }(), + expectedResult: baseWait, + }, + "falls back for no Date header": { + resp: func() *http.Response { + r := stat429ResponseWaiting(time.Duration(5729) * time.Millisecond) + r.Header.Del("Date") + return r + }(), + expectedResult: baseWait, + }, + "falls back for invalid Date header": { + resp: func() *http.Response { + r := stat429ResponseWaiting(time.Duration(5729) * time.Millisecond) + r.Header.Set("Date", "Mon, 01 Jul 2024 99:99:99 GMT") + return r + }(), + expectedResult: baseWait, + }, + } + for name, tst := range tests { + t.Run(name, func(t *testing.T) { + wait := backoff(1, 30, 1, tst.resp) + assert.Equal(t, tst.expectedResult, wait) + }) + } +} + +func mockSession(t *testing.T, mockServer *httptest.Server) session.Session { + serverURL, err := url.Parse(mockServer.URL) + require.NoError(t, err) + config := edgegrid.Config{Host: serverURL.Host} + + meta, err := configureContext(contextConfig{ + edgegridConfig: &config, + ctx: context.Background(), + }) + assert.NoError(t, err) + + certPool := x509.NewCertPool() + certPool.AddCert(mockServer.Certificate()) + rt := meta.Session().Client().Transport.(*retryablehttp.RoundTripper) + transport := rt.Client.HTTPClient.Transport.(*http.Transport) + transport.TLSClientConfig = &tls.Config{ + RootCAs: certPool, + } + + return meta.Session() +} + +func TestXRateLimitGet(t *testing.T) { + xrlHandler := test.XRateLimitHTTPHandler{ + T: t, + SuccessCode: http.StatusOK, + SuccessBody: ` + { + "properties": { + "items": [ + { + "accountId": "dummy_account_id", + "contractId": "ctr_test1", + "groupId": "grp_test1", + "propertyId": "prp_test1", + "propertyName": "my_property", + "latestVersion": 1, + "stagingVersion": null, + "productionVersion": null, + "assetId": "12345678" + } + ] + } + }`, + } + + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/papi/v1/properties/prp_test1?contractId=ctr_test1&groupId=grp_test1", r.URL.String()) + assert.Equal(t, http.MethodGet, r.Method) + xrlHandler.ServeHTTP(w, r) + })) + defer mockServer.Close() + + client := papi.Client(mockSession(t, mockServer)) + result, err := client.GetProperty(context.Background(), papi.GetPropertyRequest{ + ContractID: "ctr_test1", + GroupID: "grp_test1", + PropertyID: "prp_test1", + }) + require.NoError(t, err) + assert.Equal(t, "my_property", result.Property.PropertyName) + // We expect exactly two requests to the server: + // - the first resulting in code 429 + // - the second after a proper backoff, resulting in status 200 + assert.Equal(t, []int{http.StatusTooManyRequests, http.StatusOK}, xrlHandler.ReturnedCodes()) + assert.Less(t, + xrlHandler.ReturnTimes()[1], + xrlHandler.AvailableAt().Add(time.Duration(time.Millisecond)*1100)) +} + +func TestXRateLimitPost(t *testing.T) { + xrlHandler := test.XRateLimitHTTPHandler{ + T: t, + SuccessCode: http.StatusCreated, + SuccessBody: ` + { + "activationLink": "/papi/v1/properties/prp_12345/activations/dummy_activation?contractId=ctr_test1&groupId=grp_test1" + }`, + } + + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/papi/v1/properties/prp_12345/activations?contractId=ctr_test1&groupId=grp_test1", r.URL.String()) + assert.Equal(t, http.MethodPost, r.Method) + xrlHandler.ServeHTTP(w, r) + })) + defer mockServer.Close() + + client := papi.Client(mockSession(t, mockServer)) + result, err := client.CreateActivation(context.Background(), papi.CreateActivationRequest{ + PropertyID: "prp_12345", + ContractID: "ctr_test1", + GroupID: "grp_test1", + Activation: papi.Activation{ + PropertyVersion: 1, + Network: papi.ActivationNetworkStaging, + UseFastFallback: false, + NotifyEmails: []string{ + "you@example.com", + "them@example.com", + }, + AcknowledgeWarnings: []string{"foobarbaz"}, + }, + }) + require.NoError(t, err) + assert.Equal(t, "dummy_activation", result.ActivationID) + // We expect exactly two requests to the server: + // - the first resulting in code 429 + // - the second after a proper backoff, resulting in status 201 + assert.Equal(t, []int{http.StatusTooManyRequests, http.StatusCreated}, xrlHandler.ReturnedCodes()) + assert.Less(t, + xrlHandler.ReturnTimes()[1], + xrlHandler.AvailableAt().Add(time.Duration(time.Millisecond)*1100)) +} From fda4242497a56d9fcbe6b5dde195d51a47d32993 Mon Sep 17 00:00:00 2001 From: Dawid Dzhafarov Date: Mon, 22 Jul 2024 10:37:46 +0000 Subject: [PATCH 03/17] DXE-3964 Add support for acknowledgement of post-verification warnings for dv_validation resource --- CHANGELOG.md | 4 +- pkg/providers/cps/enrollments.go | 27 +- .../cps/resource_akamai_cps_dv_enrollment.go | 2 +- .../resource_akamai_cps_dv_enrollment_test.go | 355 ++++++++++++++++-- .../cps/resource_akamai_cps_dv_validation.go | 80 ++-- .../resource_akamai_cps_dv_validation_test.go | 200 +++++++++- ..._akamai_cps_third_party_enrollment_test.go | 171 ++++++++- .../resource_akamai_cps_upload_certificate.go | 22 +- ...urce_akamai_cps_upload_certificate_test.go | 26 +- ...e_validation_with_ack_post_verification.tf | 11 + 10 files changed, 795 insertions(+), 103 deletions(-) create mode 100644 pkg/providers/cps/testdata/TestResDVValidation/create_validation_with_ack_post_verification.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 46f5225e5..22ce5b820 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,8 +33,8 @@ - - +* CPS + * Added `acknowledge_post_verification_warnings` to the `akamai_cps_dv_validation` resource to allow for acknowledgement of post-verification warnings diff --git a/pkg/providers/cps/enrollments.go b/pkg/providers/cps/enrollments.go index 3d6a93237..0dd339896 100644 --- a/pkg/providers/cps/enrollments.go +++ b/pkg/providers/cps/enrollments.go @@ -27,14 +27,19 @@ type ( ) const ( - statusCoordinateDomainValidation = "coodinate-domain-validation" - waitUploadThirdParty = "wait-upload-third-party" - statusVerificationWarnings = "wait-review-pre-verification-safety-checks" - inputTypePreVerificationWarningsAck = "pre-verification-warnings-acknowledgement" - waitReviewThirdPartyCert = "wait-review-third-party-cert" - waitAckChangeManagement = "wait-ack-change-management" - complete = "complete" - verifyThirdPartyCert = "verify-third-party-cert" + // note: `coodinateDomainValidation` is misspelled, once CPS API will use correct version, we should also use the correct status, + // hence for now we support both versions (CPSREQUEST-815 for further tracking). + coodinateDomainValidation = "coodinate-domain-validation" + coordinateDomainValidation = "coordinate-domain-validation" + waitUploadThirdParty = "wait-upload-third-party" + waitReviewPreVerificationSafetyChecks = "wait-review-pre-verification-safety-checks" + inputTypePreVerificationWarningsAck = "pre-verification-warnings-acknowledgement" + waitReviewThirdPartyCert = "wait-review-third-party-cert" + waitAckChangeManagement = "wait-ack-change-management" + complete = "complete" + verifyThirdPartyCert = "verify-third-party-cert" + waitReviewCertWarning = "wait-review-cert-warning" + liveCheckAction = "live-check-action" ) var ( @@ -432,15 +437,15 @@ func waitForVerification(ctx context.Context, logger log.Interface, client cps.C if err != nil { return err } - for ((status.StatusInfo.Status != statusCoordinateDomainValidation && status.StatusInfo.Status != waitUploadThirdParty) || len(status.AllowedInput) == 0) && - status.StatusInfo.Status != "complete" { + for ((status.StatusInfo.Status != coodinateDomainValidation && status.StatusInfo.Status != coordinateDomainValidation && status.StatusInfo.Status != waitUploadThirdParty) || len(status.AllowedInput) == 0) && + status.StatusInfo.Status != complete && status.StatusInfo.Status != waitReviewCertWarning { select { case <-time.After(PollForChangeStatusInterval): status, err = client.GetChangeStatus(ctx, changeStatusReq) if err != nil { return err } - if status.StatusInfo != nil && status.StatusInfo.Status == statusVerificationWarnings && + if status.StatusInfo != nil && status.StatusInfo.Status == waitReviewPreVerificationSafetyChecks && len(status.AllowedInput) > 0 && status.AllowedInput[0].Type == inputTypePreVerificationWarningsAck { warnings, err := client.GetChangePreVerificationWarnings(ctx, cps.GetChangeRequest{ diff --git a/pkg/providers/cps/resource_akamai_cps_dv_enrollment.go b/pkg/providers/cps/resource_akamai_cps_dv_enrollment.go index 33fc4bd3c..98dd00723 100644 --- a/pkg/providers/cps/resource_akamai_cps_dv_enrollment.go +++ b/pkg/providers/cps/resource_akamai_cps_dv_enrollment.go @@ -324,7 +324,7 @@ func resourceCPSDVEnrollmentCreate(ctx context.Context, d *schema.ResourceData, } // save ClientMutualAuthentication and unset it in enrollment request struct - // create request must not have it set; in case its not nil, we will run update later to add it + // create request must not have it set; in case it's not nil, we will run update later to add it clientMutualAuthentication := enrollmentReqBody.NetworkConfiguration.ClientMutualAuthentication enrollmentReqBody.NetworkConfiguration.ClientMutualAuthentication = nil diff --git a/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go b/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go index 40ed2cab5..18e79cfbf 100644 --- a/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go +++ b/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go @@ -130,7 +130,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -142,7 +142,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -156,7 +156,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(3) @@ -225,7 +225,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -236,7 +236,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Twice() client.On("GetChangeLetsEncryptChallenges", mock.Anything, cps.GetChangeRequest{ @@ -315,6 +315,303 @@ func TestResourceDVEnrollment(t *testing.T) { client.AssertExpectations(t) }) + t.Run("lifecycle test, remove san, returns 'wait-review-cert-warning' status", func(t *testing.T) { + PollForChangeStatusInterval = 1 * time.Millisecond + client := &cps.Mock{} + enrollment := cps.GetEnrollmentResponse{ + AdminContact: &cps.Contact{ + AddressLineOne: "150 Broadway", + City: "Cambridge", + Country: "US", + Email: "r1d1@akamai.com", + FirstName: "R1", + LastName: "D1", + OrganizationName: "Akamai", + Phone: "123123123", + PostalCode: "12345", + Region: "MA", + }, + CertificateChainType: "default", + CertificateType: "san", + CSR: &cps.CSR{ + C: "US", + CN: "test.akamai.com", + L: "Cambridge", + O: "Akamai", + OU: "WebEx", + SANS: []string{"san.test.akamai.com"}, + ST: "MA", + PreferredTrustChain: "intermediate-a", + }, + EnableMultiStackedCertificates: false, + NetworkConfiguration: &cps.NetworkConfiguration{ + DisallowedTLSVersions: []string{"TLSv1", "TLSv1_1"}, + DNSNameSettings: &cps.DNSNameSettings{ + CloneDNSNames: false, + DNSNames: []string{"san.test.akamai.com"}, + }, + Geography: "core", + MustHaveCiphers: "ak-akamai-default", + OCSPStapling: "on", + PreferredCiphers: "ak-akamai-default", + QuicEnabled: false, + SecureNetwork: "enhanced-tls", + SNIOnly: true, + }, + Org: &cps.Org{ + AddressLineOne: "150 Broadway", + City: "Cambridge", + Country: "US", + Name: "Akamai", + Phone: "321321321", + PostalCode: "12345", + Region: "MA", + }, + RA: "lets-encrypt", + SignatureAlgorithm: "SHA-256", + TechContact: &cps.Contact{ + AddressLineOne: "150 Broadway", + City: "Cambridge", + Country: "US", + Email: "r2d2@akamai.com", + FirstName: "R2", + LastName: "D2", + OrganizationName: "Akamai", + Phone: "123123123", + PostalCode: "12345", + Region: "MA", + }, + ValidationType: "dv", + } + enrollmentReqBody := createEnrollmentReqBodyFromEnrollment(enrollment) + + client.On("CreateEnrollment", + mock.Anything, + cps.CreateEnrollmentRequest{ + EnrollmentRequestBody: enrollmentReqBody, + ContractID: "1", + }, + ).Return(&cps.CreateEnrollmentResponse{ + ID: 1, + Enrollment: "/cps/v2/enrollments/1", + Changes: []string{"/cps/v2/enrollments/1/changes/2"}, + }, nil).Once() + + enrollment.Location = "/cps/v2/enrollments/1" + enrollment.PendingChanges = []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + } + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&enrollment, nil).Once() + + // first verification loop, invalid status + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "pre-verification-safety-checks", + }, + }, nil).Once() + + // second verification loop, valid status, empty allowed input array + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: coodinateDomainValidation, + }, + }, nil).Once() + + // final verification loop, everything in place + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: coodinateDomainValidation, + }, + }, nil).Once() + + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&enrollment, nil).Times(3) + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: coodinateDomainValidation, + }, + }, nil).Times(3) + + client.On("GetChangeLetsEncryptChallenges", mock.Anything, cps.GetChangeRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.DVArray{DV: []cps.DV{ + { + Challenges: []cps.Challenge{ + {FullPath: "_acme-challenge.test.akamai.com", ResponseBody: "abc123", Type: "http-01", Status: "pending"}, + {FullPath: "_acme-challenge.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, + }, + Domain: "test.akamai.com", + ValidationStatus: "IN_PROGRESS", + }, + { + Challenges: []cps.Challenge{ + {FullPath: "_acme-challenge.san.test.akamai.com", ResponseBody: "abc123", Type: "http-01", Status: "pending"}, + {FullPath: "_acme-challenge.san.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, + }, + Domain: "san.test.akamai.com", + ValidationStatus: "IN_PROGRESS", + }, + }}, nil).Times(3) + + var enrollmentUpdate cps.GetEnrollmentResponse + err := copier.CopyWithOption(&enrollmentUpdate, enrollment, copier.Option{DeepCopy: true}) + require.NoError(t, err) + enrollmentUpdate.AdminContact.FirstName = "R1" + enrollmentUpdate.AdminContact.LastName = "D1" + enrollmentUpdate.CSR.SANS = nil + enrollmentUpdate.CSR.PreferredTrustChain = "" + enrollmentUpdate.NetworkConfiguration.DNSNameSettings.DNSNames = nil + enrollmentUpdate.Location = "" + enrollmentUpdate.PendingChanges = nil + + enrollmentUpdateReqBody := createEnrollmentReqBodyFromEnrollment(enrollmentUpdate) + allowCancel := true + client.On("UpdateEnrollment", + mock.Anything, + cps.UpdateEnrollmentRequest{ + EnrollmentRequestBody: enrollmentUpdateReqBody, + EnrollmentID: 1, + AllowCancelPendingChanges: &allowCancel, + }, + ).Return(&cps.UpdateEnrollmentResponse{ + ID: 1, + Enrollment: "/cps/v2/enrollments/1", + Changes: []string{"/cps/v2/enrollments/1/changes/2"}, + }, nil).Once() + + enrollmentUpdate.Location = "/cps/v2/enrollments/1" + enrollmentUpdate.PendingChanges = []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + } + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&enrollmentUpdate, nil).Times(3) + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: waitReviewCertWarning, + }, + }, nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: waitReviewCertWarning, + }, + }, nil).Twice() + client.On("GetChangeLetsEncryptChallenges", mock.Anything, cps.GetChangeRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.DVArray{DV: []cps.DV{ + { + Challenges: []cps.Challenge{ + {FullPath: "_acme-challenge.test.akamai.com", ResponseBody: "abc123", Type: "http-01", Status: "pending"}, + {FullPath: "_acme-challenge.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, + {FullPath: "_acme-challenge.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, + }, + Domain: "test.akamai.com", + ValidationStatus: "IN_PROGRESS", + }, + { + Challenges: []cps.Challenge{ + {FullPath: "_acme-challenge.san.test.akamai.com", ResponseBody: "abc123", Type: "http-01", Status: "pending"}, + {FullPath: "_acme-challenge.san.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, + }, + Domain: "san.test.akamai.com", + ValidationStatus: "IN_PROGRESS", + }, + { + Challenges: []cps.Challenge{ + {FullPath: "_acme-challenge.san2.test.akamai.com", ResponseBody: "abc123", Type: "http-01", Status: "pending"}, + {FullPath: "_acme-challenge.san2.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, + }, + Domain: "san2.test.akamai.com", + ValidationStatus: "IN_PROGRESS", + }, + }}, nil).Twice() + + client.On("RemoveEnrollment", mock.Anything, cps.RemoveEnrollmentRequest{ + EnrollmentID: 1, + AllowCancelPendingChanges: &allowCancel, + }).Return(&cps.RemoveEnrollmentResponse{ + Enrollment: "1", + }, nil).Once() + + useClient(client, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestResDVEnrollment/lifecycle/create_enrollment.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "contract_id", "ctr_1"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "certificate_type", "san"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "validation_type", "dv"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "registration_authority", "lets-encrypt"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "dns_challenges.#", "2"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "http_challenges.#", "2"), + resource.TestCheckOutput("domains_to_validate", "_acme-challenge.san.test.akamai.com,_acme-challenge.test.akamai.com"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "timeouts.#", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "timeouts.0.default", "2h"), + ), + }, + { + Config: testutils.LoadFixtureString(t, "testdata/TestResDVEnrollment/empty_sans/create_enrollment.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "contract_id", "ctr_1"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "certificate_type", "san"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "validation_type", "dv"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "registration_authority", "lets-encrypt"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "dns_challenges.#", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "http_challenges.#", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_enrollment.dv", "timeouts.#", "0"), + resource.TestCheckOutput("domains_to_validate", "_acme-challenge.test.akamai.com"), + ), + }, + }, + }) + }) + + client.AssertExpectations(t) + }) + t.Run("create enrollment, empty sans", func(t *testing.T) { PollForChangeStatusInterval = 1 * time.Millisecond client := &cps.Mock{} @@ -427,7 +724,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -439,7 +736,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -453,7 +750,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(2) @@ -640,7 +937,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -652,7 +949,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -666,7 +963,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(2) @@ -825,7 +1122,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -837,7 +1134,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -851,7 +1148,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(4) @@ -1018,7 +1315,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1032,7 +1329,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(2) @@ -1155,7 +1452,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1169,7 +1466,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(3) @@ -1205,7 +1502,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1216,7 +1513,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Twice() client.On("GetChangeLetsEncryptChallenges", mock.Anything, cps.GetChangeRequest{ @@ -1377,7 +1674,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "pre-verification-warnings-acknowledgement"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusVerificationWarnings, + Status: waitReviewPreVerificationSafetyChecks, }, }, nil).Twice() @@ -1408,7 +1705,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1422,7 +1719,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Twice() @@ -1582,7 +1879,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1594,7 +1891,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1608,7 +1905,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(2) @@ -1755,7 +2052,7 @@ func TestResourceDVEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: inputTypePreVerificationWarningsAck}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusVerificationWarnings, + Status: waitReviewPreVerificationSafetyChecks, }, }, nil).Twice() @@ -1965,7 +2262,7 @@ func TestResourceDVEnrollmentImport(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1979,7 +2276,7 @@ func TestResourceDVEnrollmentImport(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "lets-encrypt-challenges"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Times(3) diff --git a/pkg/providers/cps/resource_akamai_cps_dv_validation.go b/pkg/providers/cps/resource_akamai_cps_dv_validation.go index eb4160cfc..08fbec155 100644 --- a/pkg/providers/cps/resource_akamai_cps_dv_validation.go +++ b/pkg/providers/cps/resource_akamai_cps_dv_validation.go @@ -2,7 +2,6 @@ package cps import ( "context" - "encoding/json" "errors" "fmt" "strconv" @@ -48,6 +47,12 @@ func resourceCPSDVValidation() *schema.Resource { Computed: true, Description: "Status of validation", }, + "acknowledge_post_verification_warnings": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Whether to acknowledge all post-verification warnings", + }, "timeouts": { Type: schema.TypeList, Optional: true, @@ -100,39 +105,46 @@ func resourceCPSDVValidationCreate(ctx context.Context, d *schema.ResourceData, if err != nil { return diag.FromErr(err) } - changeStatusReq := cps.GetChangeStatusRequest{ - EnrollmentID: enrollmentID, - ChangeID: changeID, + + // if status is `coordinate-domain-validation` or `wait-review-cert-warning` proceed further + status, err := waitForChangeStatus(ctx, client, enrollmentID, changeID, coodinateDomainValidation, coordinateDomainValidation, waitReviewCertWarning) + if err != nil { + return diag.FromErr(err) } - status, err := client.GetChangeStatus(ctx, changeStatusReq) + + ackPostVerification, err := tf.GetBoolValue("acknowledge_post_verification_warnings", d) if err != nil { return diag.FromErr(err) } - for status.StatusInfo.Status != statusCoordinateDomainValidation { - select { - case <-time.After(PollForChangeStatusInterval): - status, err = client.GetChangeStatus(ctx, changeStatusReq) - if err != nil { - return diag.FromErr(err) - } - changeStatusJSON, err := json.MarshalIndent(status, "", "\t") - if err != nil { - return diag.FromErr(err) - } - logger.Debugf("Change status: %s", changeStatusJSON) - if status.StatusInfo != nil && status.StatusInfo.Error != nil && status.StatusInfo.Error.Description != "" { - return diag.Errorf(status.StatusInfo.Error.Description) - } - case <-ctx.Done(): - return diag.Errorf("change status context terminated: %s", ctx.Err()) + + // if the status is `wait-review-cert-warning`, handle post warnings + if status.StatusInfo != nil && status.StatusInfo.Status == waitReviewCertWarning && ackPostVerification { + if err = sendPostVerificationAcknowledgement(ctx, client, enrollmentID, changeID); err != nil { + return diag.FromErr(err) } + d.SetId(strconv.Itoa(enrollmentID)) + return resourceCPSDVValidationRead(ctx, d, m) } + + // if the status is `coordinate-domain-validation`, send ack for DV challenges err = client.AcknowledgeDVChallenges(ctx, cps.AcknowledgementRequest{ Acknowledgement: cps.Acknowledgement{Acknowledgement: cps.AcknowledgementAcknowledge}, EnrollmentID: enrollmentID, ChangeID: changeID, }) if err == nil { + status, err = waitForChangeStatus(ctx, client, enrollmentID, changeID, waitReviewCertWarning, complete, coordinateDomainValidation, coodinateDomainValidation) + if err != nil { + return diag.FromErr(err) + } + + if status.StatusInfo != nil && status.StatusInfo.Status == waitReviewCertWarning && ackPostVerification { + if err = sendPostVerificationAcknowledgement(ctx, client, enrollmentID, changeID); err != nil { + return diag.FromErr(err) + } + } + + // for other statuses: `coordinate-domain-validation` and `complete`, go to read d.SetId(strconv.Itoa(enrollmentID)) return resourceCPSDVValidationRead(ctx, d, m) } @@ -148,6 +160,18 @@ func resourceCPSDVValidationCreate(ctx context.Context, d *schema.ResourceData, ChangeID: changeID, }) if err == nil { + status, err = waitForChangeStatus(ctx, client, enrollmentID, changeID, waitReviewCertWarning, complete, coordinateDomainValidation, coodinateDomainValidation) + if err != nil { + return diag.FromErr(err) + } + + if status.StatusInfo != nil && status.StatusInfo.Status == waitReviewCertWarning && ackPostVerification { + if err = sendPostVerificationAcknowledgement(ctx, client, enrollmentID, changeID); err != nil { + return diag.FromErr(err) + } + } + + // for other statuses: `coordinate-domain-validation` and `complete`, go to read d.SetId(strconv.Itoa(enrollmentID)) return resourceCPSDVValidationRead(ctx, d, m) } @@ -217,3 +241,15 @@ func resourceCPSDVValidationDelete(_ context.Context, d *schema.ResourceData, _ d.SetId("") return nil } + +func sendPostVerificationAcknowledgement(ctx context.Context, client cps.CPS, enrollmentID, changeID int) error { + if err := client.AcknowledgePostVerificationWarnings(ctx, cps.AcknowledgementRequest{ + Acknowledgement: cps.Acknowledgement{Acknowledgement: cps.AcknowledgementAcknowledge}, + EnrollmentID: enrollmentID, + ChangeID: changeID, + }); err != nil { + return fmt.Errorf("could not acknowledge post-verification warnings: %s", err) + } + + return nil +} diff --git a/pkg/providers/cps/resource_akamai_cps_dv_validation_test.go b/pkg/providers/cps/resource_akamai_cps_dv_validation_test.go index 0c287c046..99a2a3bd7 100644 --- a/pkg/providers/cps/resource_akamai_cps_dv_validation_test.go +++ b/pkg/providers/cps/resource_akamai_cps_dv_validation_test.go @@ -3,6 +3,7 @@ package cps import ( "fmt" "regexp" + "strconv" "testing" "time" @@ -39,7 +40,13 @@ func TestDVValidation(t *testing.T) { Acknowledgement: cps.Acknowledgement{Acknowledgement: "acknowledge"}, EnrollmentID: 1, ChangeID: 2, - }).Return(nil) + }).Return(nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "coodinate-domain-validation", + }}, nil).Once() client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ @@ -78,7 +85,13 @@ func TestDVValidation(t *testing.T) { Acknowledgement: cps.Acknowledgement{Acknowledgement: "acknowledge"}, EnrollmentID: 1, ChangeID: 2, - }).Return(nil) + }).Return(nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "coodinate-domain-validation", + }}, nil).Once() client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ @@ -122,6 +135,183 @@ func TestDVValidation(t *testing.T) { mock.AssertExpectationsForObjects(t) }) }) + t.Run("lifecycle test with ack post verification warnings", func(t *testing.T) { + client := &cps.Mock{} + PollForChangeStatusInterval = 1 * time.Millisecond + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + }}, nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "running", + }}, nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "coodinate-domain-validation", + }}, nil).Once() + + client.On("AcknowledgeDVChallenges", mock.Anything, cps.AcknowledgementRequest{ + Acknowledgement: cps.Acknowledgement{Acknowledgement: "acknowledge"}, + EnrollmentID: 1, + ChangeID: 2, + }).Return(nil) + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "wait-review-cert-warning", + }}, nil).Once() + + client.On("AcknowledgePostVerificationWarnings", mock.Anything, cps.AcknowledgementRequest{ + Acknowledgement: cps.Acknowledgement{ + Acknowledgement: cps.AcknowledgementAcknowledge, + }, + EnrollmentID: 1, + ChangeID: 2, + }).Return(nil).Once() + + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + }}, nil).Times(3) + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "coodinate-domain-validation", + }}, nil).Times(3) + + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + }}, nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "running", + }}, nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "coodinate-domain-validation", + }}, nil).Twice() + + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + }}, nil).Twice() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "coodinate-domain-validation", + }}, nil).Twice() + + useClient(client, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestResDVValidation/create_validation_with_ack_post_verification.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "id", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "status", "coodinate-domain-validation"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "sans.#", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "acknowledge_post_verification_warnings", strconv.FormatBool(true)), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "timeouts.#", "0"), + ), + }, + { + Config: testutils.LoadFixtureString(t, "testdata/TestResDVValidation/update_validation.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "id", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "status", "coodinate-domain-validation"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "sans.#", "2"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "acknowledge_post_verification_warnings", strconv.FormatBool(false)), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "timeouts.#", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "timeouts.0.default", "1h"), + ), + }, + }, + }) + mock.AssertExpectationsForObjects(t) + }) + }) + t.Run("receive `wait-review-cert-warning` early", func(t *testing.T) { + client := &cps.Mock{} + PollForChangeStatusInterval = 1 * time.Millisecond + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + }}, nil).Once() + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "running", + Status: waitReviewCertWarning, + }}, nil).Once() + + client.On("AcknowledgePostVerificationWarnings", mock.Anything, cps.AcknowledgementRequest{ + Acknowledgement: cps.Acknowledgement{ + Acknowledgement: cps.AcknowledgementAcknowledge, + }, + EnrollmentID: 1, + ChangeID: 2, + }).Return(nil).Once() + + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + }}, nil).Times(2) + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "complete", + }}, nil).Times(2) + + useClient(client, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestResDVValidation/create_validation_with_ack_post_verification.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "id", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "status", "complete"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "sans.#", "1"), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "acknowledge_post_verification_warnings", strconv.FormatBool(true)), + resource.TestCheckResourceAttr("akamai_cps_dv_validation.dv_validation", "timeouts.#", "0"), + ), + }, + }, + }) + mock.AssertExpectationsForObjects(t) + }) + }) t.Run("retry acknowledgement", func(t *testing.T) { client := &cps.Mock{} changeAckRetryInterval = 1 * time.Millisecond @@ -151,6 +341,12 @@ func TestDVValidation(t *testing.T) { ChangeID: 2, }).Return(nil).Once() + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{EnrollmentID: 1, ChangeID: 2}). + Return(&cps.Change{StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "coodinate-domain-validation", + }}, nil).Once() + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). Return(&cps.GetEnrollmentResponse{PendingChanges: []cps.PendingChange{ { diff --git a/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go b/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go index 131203fbb..ad9588992 100644 --- a/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go +++ b/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go @@ -65,7 +65,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -163,6 +163,153 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { client.AssertExpectations(t) }) + + t.Run("lifecycle test, remove san, returns 'wait-review-cert-warning' status", func(t *testing.T) { + PollForChangeStatusInterval = 1 * time.Millisecond + client := &cps.Mock{} + enrollment := newEnrollment() + enrollmentReqBody := createEnrollmentReqBodyFromEnrollment(enrollment) + + client.On("CreateEnrollment", + mock.Anything, + cps.CreateEnrollmentRequest{ + EnrollmentRequestBody: enrollmentReqBody, + ContractID: "1", + }, + ).Return(&cps.CreateEnrollmentResponse{ + ID: 1, + Enrollment: "/cps/v2/enrollments/1", + Changes: []string{"/cps/v2/enrollments/1/changes/2"}, + }, nil).Once() + + enrollment.Location = "/cps/v2/enrollments/1" + enrollment.PendingChanges = []cps.PendingChange{ + { + Location: "/cps/v2/enrollments/1/changes/2", + ChangeType: "new-certificate", + }, + } + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&enrollment, nil).Once() + + // first verification loop, invalid status + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: "pre-verification-safety-checks", + }, + }, nil).Once() + + // second verification loop, valid status, empty allowed input array + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: coodinateDomainValidation, + }, + }, nil).Once() + + // final verification loop, everything in place + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{{Type: "third-party-certificate"}}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: waitUploadThirdParty, + }, + }, nil).Once() + + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&enrollment, nil).Times(3) + + enrollmentUpdate := newEnrollment( + WithBase(&enrollment), + WithUpdateFunc(func(e *cps.GetEnrollmentResponse) { + e.AdminContact.FirstName = "R1" + e.AdminContact.LastName = "D1" + e.CSR.SANS = nil + e.NetworkConfiguration.DNSNameSettings.DNSNames = nil + e.Location = "" + e.PendingChanges = nil + e.SignatureAlgorithm = "SHA-256" + }), + ) + + enrollmentUpdateReqBody := createEnrollmentReqBodyFromEnrollment(enrollmentUpdate) + allowCancel := true + client.On("UpdateEnrollment", + mock.Anything, + cps.UpdateEnrollmentRequest{ + EnrollmentRequestBody: enrollmentUpdateReqBody, + EnrollmentID: 1, + AllowCancelPendingChanges: &allowCancel, + }, + ).Return(&cps.UpdateEnrollmentResponse{ + ID: 1, + Enrollment: "/cps/v2/enrollments/1", + Changes: []string{"/cps/v2/enrollments/1/changes/2"}, + }, nil).Once() + + enrollmentGet := newEnrollment( + WithBase(&enrollmentUpdate), + WithPendingChangeID(2), + ) + client.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{EnrollmentID: 1}). + Return(&enrollmentGet, nil).Times(3) + + client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ + EnrollmentID: 1, + ChangeID: 2, + }).Return(&cps.Change{ + AllowedInput: []cps.AllowedInput{{Type: "third-party-certificate"}}, + StatusInfo: &cps.StatusInfo{ + State: "awaiting-input", + Status: waitReviewCertWarning, + }, + }, nil).Once() + + client.On("RemoveEnrollment", mock.Anything, cps.RemoveEnrollmentRequest{ + EnrollmentID: 1, + AllowCancelPendingChanges: &allowCancel, + }).Return(&cps.RemoveEnrollmentResponse{ + Enrollment: "1", + }, nil).Once() + + useClient(client, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestResThirdPartyEnrollment/lifecycle/create_enrollment.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_cps_third_party_enrollment.third_party", "contract_id", "ctr_1"), + resource.TestCheckResourceAttr("akamai_cps_third_party_enrollment.third_party", "timeouts.#", "1"), + resource.TestCheckResourceAttr("akamai_cps_third_party_enrollment.third_party", "timeouts.0.default", "2h"), + ), + }, + { + Config: testutils.LoadFixtureString(t, "testdata/TestResThirdPartyEnrollment/empty_sans/create_enrollment.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_cps_third_party_enrollment.third_party", "contract_id", "ctr_1"), + resource.TestCheckResourceAttr("akamai_cps_third_party_enrollment.third_party", "timeouts.#", "0"), + ), + }, + }, + }) + }) + + client.AssertExpectations(t) + }) + t.Run("lifecycle test update sans add cn", func(t *testing.T) { PollForChangeStatusInterval = 1 * time.Millisecond client := &cps.Mock{} @@ -210,7 +357,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -340,7 +487,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -456,7 +603,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -548,7 +695,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -648,7 +795,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -898,7 +1045,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "pre-verification-warnings-acknowledgement"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusVerificationWarnings, + Status: waitReviewPreVerificationSafetyChecks, }, }, nil).Twice() @@ -1005,7 +1152,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusCoordinateDomainValidation, + Status: coodinateDomainValidation, }, }, nil).Once() @@ -1092,7 +1239,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: inputTypePreVerificationWarningsAck}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusVerificationWarnings, + Status: waitReviewPreVerificationSafetyChecks, }, }, nil).Twice() @@ -1206,7 +1353,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "pre-verification-warnings-acknowledgement"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusVerificationWarnings, + Status: waitReviewPreVerificationSafetyChecks, }, }, nil).Twice() @@ -1311,7 +1458,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "pre-verification-warnings-acknowledgement"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusVerificationWarnings, + Status: waitReviewPreVerificationSafetyChecks, }, }, nil).Twice() @@ -1390,7 +1537,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { AllowedInput: []cps.AllowedInput{{Type: "pre-verification-warnings-acknowledgement"}}, StatusInfo: &cps.StatusInfo{ State: "awaiting-input", - Status: statusVerificationWarnings, + Status: waitReviewPreVerificationSafetyChecks, }, }, nil).Twice() diff --git a/pkg/providers/cps/resource_akamai_cps_upload_certificate.go b/pkg/providers/cps/resource_akamai_cps_upload_certificate.go index 50944be99..1d21b6080 100644 --- a/pkg/providers/cps/resource_akamai_cps_upload_certificate.go +++ b/pkg/providers/cps/resource_akamai_cps_upload_certificate.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "slices" "strconv" "strings" "time" @@ -209,7 +210,7 @@ func resourceCPSUploadCertificateRead(ctx context.Context, d *schema.ResourceDat if !ackChangeManagement && enrollment.ChangeManagement { statusToWaitFor = waitAckChangeManagement } - if err = waitForChangeStatus(ctx, client, enrollmentID, changeID, statusToWaitFor); err != nil { + if _, err = waitForChangeStatus(ctx, client, enrollmentID, changeID, statusToWaitFor); err != nil { return diag.FromErr(err) } } @@ -296,9 +297,10 @@ func resourceCPSUploadCertificateUpdate(ctx context.Context, d *schema.ResourceD return nil } - if err = waitForChangeStatus(ctx, client, enrollmentID, changeID, waitAckChangeManagement); err != nil { + if _, err = waitForChangeStatus(ctx, client, enrollmentID, changeID, waitAckChangeManagement); err != nil { return diag.FromErr(err) } + if err = sendACKChangeManagement(ctx, client, enrollmentID, changeID); err != nil { return diag.Errorf("could not acknowledge change management: %s", err) } @@ -379,7 +381,7 @@ func upsertUploadCertificate(ctx context.Context, d *schema.ResourceData, m inte } if enrollment.ChangeManagement && (attrs.ackChangeManagement || attrs.waitForDeployment) { - if err = waitForChangeStatus(ctx, client, attrs.enrollmentID, changeID, waitAckChangeManagement); err != nil { + if _, err = waitForChangeStatus(ctx, client, attrs.enrollmentID, changeID, waitAckChangeManagement); err != nil { return diag.FromErr(err) } @@ -407,28 +409,28 @@ func checkForTrustChainWithoutCert(attrs *attributes) error { } // waitForChangeStatus waits for provided status -func waitForChangeStatus(ctx context.Context, client cps.CPS, enrollmentID, changeID int, status string) error { +func waitForChangeStatus(ctx context.Context, client cps.CPS, enrollmentID, changeID int, statuses ...string) (*cps.Change, error) { change, err := sendGetChangeStatusReq(ctx, client, enrollmentID, changeID) if err != nil { - return fmt.Errorf("could not get change status: %s", err) + return nil, fmt.Errorf("could not get change status: %s", err) } - for change.StatusInfo.Status != status { + for !slices.Contains(statuses, change.StatusInfo.Status) { select { case <-time.After(PollForChangeStatusInterval): change, err = sendGetChangeStatusReq(ctx, client, enrollmentID, changeID) if err != nil { - return fmt.Errorf("could not get change status: %s", err) + return nil, fmt.Errorf("could not get change status: %s", err) } - if change.StatusInfo.Status == status { + if slices.Contains(statuses, change.StatusInfo.Status) { continue } case <-ctx.Done(): - return fmt.Errorf("retry timeout reached: incorrect status of a change: %s, %s", change.StatusInfo.Status, ctx.Err()) + return nil, fmt.Errorf("retry timeout reached: incorrect status of a change: %s, %s", change.StatusInfo.Status, ctx.Err()) } } - return nil + return change, nil } // waitUntilStatusPasses waits until the status provided as parameter passes and returns a new one diff --git a/pkg/providers/cps/resource_akamai_cps_upload_certificate_test.go b/pkg/providers/cps/resource_akamai_cps_upload_certificate_test.go index a41ff1902..1532c00d7 100644 --- a/pkg/providers/cps/resource_akamai_cps_upload_certificate_test.go +++ b/pkg/providers/cps/resource_akamai_cps_upload_certificate_test.go @@ -15,8 +15,6 @@ import ( "github.com/stretchr/testify/mock" ) -var someCheckingInProgressStatus = "live-check-action" - func TestResourceCPSUploadCertificate(t *testing.T) { tests := map[string]struct { init func(*testing.T, *cps.Mock, *cps.GetEnrollmentResponse, int, int) @@ -245,7 +243,7 @@ func TestResourceCPSUploadCertificateLifecycle(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, fourWarnings, enrollmentID, changeIDUpdated) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeIDUpdated) - mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, liveCheckAction) // read enrollmentAfterUpdate := copyEnrollmentWithEmptyPendingChanges(*enrollmentUpdated) mockGetEnrollment(m, enrollmentID, 1, enrollmentAfterUpdate) @@ -331,7 +329,7 @@ func TestCreateCPSUploadCertificate(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeID, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeID) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeID) - mockGetChangeStatus(m, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeID, 1, liveCheckAction) mockRead(m, enrollmentID, changeID, enrollment, certECDSAForTests, "", ECDSA, waitAckChangeManagement) }, enrollment: createEnrollment(2, 22, true, true), @@ -356,7 +354,7 @@ func TestCreateCPSUploadCertificate(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeID, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeID) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeID) - mockGetChangeStatus(m, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeID, 1, liveCheckAction) mockGetChangeStatus(m, enrollmentID, changeID, 1, waitAckChangeManagement) mockAcknowledgeChangeManagement(m, enrollmentID, changeID) @@ -504,10 +502,10 @@ func TestCreateCPSUploadCertificate(t *testing.T) { mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeID) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeID) mockGetChangeStatus(m, enrollmentID, changeID, 1, waitReviewThirdPartyCert) - mockGetChangeStatus(m, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeID, 1, liveCheckAction) //read's call from upsert mockGetEnrollment(m, enrollmentID, 1, enrollment) - mockGetChangeStatus(m, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeID, 1, liveCheckAction) mockGetChangeStatus(m, enrollmentID, changeID, 1, complete) mockGetChangeHistory(m, enrollmentID, 1, enrollment, RSA, certRSAForTests, "") //rest of the flow @@ -689,7 +687,7 @@ func TestReadCPSUploadCertificate(t *testing.T) { mockAcknowledgeChangeManagement(m, enrollmentID, changeID) mockGetEnrollment(m, enrollmentID, 1, enrollment) - mockGetChangeStatus(m, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeID, 1, liveCheckAction) mockGetChangeStatus(m, enrollmentID, changeID, 1, complete) mockGetChangeHistory(m, enrollmentID, 1, enrollment, RSA, certRSAForTests, trustChainRSAForTests) @@ -786,7 +784,7 @@ func TestUpdateCPSUploadCertificate(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeID, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeID) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeID) - mockGetChangeStatus(m, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeID, 1, liveCheckAction) mockReadForUpdate(m, enrollmentID, changeID, enrollment, certRSAForTests, trustChainRSAForTests, RSA, waitAckChangeManagement) mockGetEnrollment(m, enrollmentID, 1, enrollment) mockGetChangeStatus(m, enrollmentID, changeID, 1, waitAckChangeManagement) @@ -809,7 +807,7 @@ func TestUpdateCPSUploadCertificate(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeID, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeID) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeID) - mockGetChangeStatus(m, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeID, 1, liveCheckAction) mockReadForUpdate(m, enrollmentID, changeID, enrollment, certRSAForTests, trustChainRSAForTests, RSA, waitAckChangeManagement) mockGetEnrollment(m, enrollmentID, 1, enrollment) mockGetChangeStatus(m, enrollmentID, changeID, 1, waitAckChangeManagement) @@ -862,7 +860,7 @@ func TestUpdateCPSUploadCertificate(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeIDUpdated) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeIDUpdated) - mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, liveCheckAction) enrollmentAfterUpdate := copyEnrollmentWithEmptyPendingChanges(*enrollmentUpdated) mockReadForComplete(m, enrollmentID, enrollmentAfterUpdate, certRSAUpdatedForTests, "", RSA) @@ -895,7 +893,7 @@ func TestUpdateCPSUploadCertificate(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeIDUpdated) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeIDUpdated) - mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, liveCheckAction) enrollmentAfterUpdate := copyEnrollmentWithEmptyPendingChanges(*enrollmentUpdated) mockGetEnrollment(m, enrollmentID, 1, enrollmentAfterUpdate) @@ -935,7 +933,7 @@ func TestUpdateCPSUploadCertificate(t *testing.T) { mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(m, threeWarnings, enrollmentID, changeIDUpdated) mockAcknowledgePostVerificationWarnings(m, enrollmentID, changeIDUpdated) - mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, someCheckingInProgressStatus) + mockGetChangeStatus(m, enrollmentID, changeIDUpdated, 1, liveCheckAction) enrollmentAfterUpdate := copyEnrollmentWithEmptyPendingChanges(*enrollmentUpdated) mockReadForComplete(m, enrollmentID, enrollmentAfterUpdate, certRSAUpdatedForTests, "", RSA) @@ -1380,7 +1378,7 @@ var ( mockGetChangeStatus(client, enrollmentID, changeID, 1, waitReviewThirdPartyCert) mockGetPostVerificationWarnings(client, "Certificate Added to the new Trust Chain: TEST\nThere is a problem deploying the 'RSA' certificate. Please contact your Akamai support team to resolve the issue.\nCertificate data is blank or missing.", enrollmentID, changeID) mockAcknowledgePostVerificationWarnings(client, enrollmentID, changeID) - mockGetChangeStatus(client, enrollmentID, changeID, 1, someCheckingInProgressStatus) + mockGetChangeStatus(client, enrollmentID, changeID, 1, liveCheckAction) } // mockReadForComplete mocks Read functions when cert has been already deployed to production (status = complete) diff --git a/pkg/providers/cps/testdata/TestResDVValidation/create_validation_with_ack_post_verification.tf b/pkg/providers/cps/testdata/TestResDVValidation/create_validation_with_ack_post_verification.tf new file mode 100644 index 000000000..b3e5a2209 --- /dev/null +++ b/pkg/providers/cps/testdata/TestResDVValidation/create_validation_with_ack_post_verification.tf @@ -0,0 +1,11 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +resource "akamai_cps_dv_validation" "dv_validation" { + enrollment_id = 1 + sans = [ + "san.test.akamai.com", + ] + acknowledge_post_verification_warnings = true +} \ No newline at end of file From ebd3b1877ea44e7248f3a98b40dc441f60b0b8b0 Mon Sep 17 00:00:00 2001 From: Michal Mazur Date: Wed, 24 Jul 2024 14:09:52 +0000 Subject: [PATCH 04/17] DXE-3712 Incorrect log fix --- CHANGELOG.md | 3 ++- ...ce_akamai_cloudlets_application_load_balancer_activation.go | 2 +- .../cloudlets/resource_akamai_cloudlets_policy_activation.go | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22ce5b820..733d349cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,7 +32,6 @@ - * CPS * Added `acknowledge_post_verification_warnings` to the `akamai_cps_dv_validation` resource to allow for acknowledgement of post-verification warnings @@ -68,6 +67,8 @@ +* Cloudlets + * Corrected format of the retry time when logging in `akamai_cloudlets_application_load_balancer_activation` and `akamai_cloudlets_policy_activation` resources diff --git a/pkg/providers/cloudlets/resource_akamai_cloudlets_application_load_balancer_activation.go b/pkg/providers/cloudlets/resource_akamai_cloudlets_application_load_balancer_activation.go index 3694ab12b..32bd866fe 100644 --- a/pkg/providers/cloudlets/resource_akamai_cloudlets_application_load_balancer_activation.go +++ b/pkg/providers/cloudlets/resource_akamai_cloudlets_application_load_balancer_activation.go @@ -251,7 +251,7 @@ func resourceApplicationLoadBalancerActivationChange(ctx context.Context, rd *sc select { case <-time.After(pollingActivationTries): - logger.Debugf("retrying ALB activation after %d minutes", pollingActivationTries.Minutes()) + logger.Debugf("retrying ALB activation after %s", pollingActivationTries) pollingActivationTries = 2 * pollingActivationTries if pollingActivationTries > ApplicationLoadBalancerActivationRetryTimeout || !strings.Contains(strings.ToLower(err.Error()), ErrApplicationLoadBalancerActivationOriginNotDefined.Error()) { diff --git a/pkg/providers/cloudlets/resource_akamai_cloudlets_policy_activation.go b/pkg/providers/cloudlets/resource_akamai_cloudlets_policy_activation.go index c0f83a32f..e0cda453c 100644 --- a/pkg/providers/cloudlets/resource_akamai_cloudlets_policy_activation.go +++ b/pkg/providers/cloudlets/resource_akamai_cloudlets_policy_activation.go @@ -276,7 +276,7 @@ func resourcePolicyActivationCreate(ctx context.Context, rd *schema.ResourceData select { case <-time.After(pollingActivationTries): - logger.Debugf("retrying policy activation after %d minutes", pollingActivationTries.Minutes()) + logger.Debugf("retrying policy activation after %s", pollingActivationTries) if pollingActivationTries > PolicyActivationRetryTimeout || !strategy.shouldRetryActivation(err) { return diag.Errorf("%v create: %s", ErrPolicyActivation, err.Error()) } From 7a86a61f82d42dcb8f5379375eb8b64cf6739647 Mon Sep 17 00:00:00 2001 From: Michal Wojcik Date: Mon, 29 Jul 2024 11:06:09 +0000 Subject: [PATCH 05/17] DXE-4054 [GH#567] Provider producing an inconsistent final plan with Cloudlet policy --- CHANGELOG.md | 5 +++-- .../property/resource_akamai_property.go | 19 +++++++++++++------ 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 733d349cd..6d7e5a41a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -74,8 +74,9 @@ - - +* PAPI + * Fixed issue with provider producing an inconsistent final plan with Cloudlet policy ([I#567](https://github.com/akamai/terraform-provider-akamai/issues/567)). + It happened in cases when content of the rule depends on some other resource diff --git a/pkg/providers/property/resource_akamai_property.go b/pkg/providers/property/resource_akamai_property.go index 2da8af9bf..552a32e1b 100644 --- a/pkg/providers/property/resource_akamai_property.go +++ b/pkg/providers/property/resource_akamai_property.go @@ -386,13 +386,16 @@ func canTriggerNewPropertyVersion(rc tf.ResourceChangeFetcher, rd tf.ResourceDat o, n := rc.GetChange("rules") var oldRules papi.RulesUpdate - if err := json.Unmarshal([]byte(o.(string)), &oldRules); err != nil { - return false, fmt.Errorf("'old' = %s, unmarshal: %w", o.(string), err) + if o.(string) != "" { + if err := json.Unmarshal([]byte(o.(string)), &oldRules); err != nil { + return false, fmt.Errorf("'old' = %s, unmarshal: %w", o.(string), err) + } } - var newRules papi.RulesUpdate - if err := json.Unmarshal([]byte(n.(string)), &newRules); err != nil { - return false, fmt.Errorf("'new' = %s, unmarshal: %w", n.(string), err) + if n.(string) != "" { + if err := json.Unmarshal([]byte(n.(string)), &newRules); err != nil { + return false, fmt.Errorf("'new' = %s, unmarshal: %w", n.(string), err) + } } versionNotes, _ := rd.GetOk("version_notes") @@ -409,7 +412,11 @@ func canTriggerNewPropertyVersion(rc tf.ResourceChangeFetcher, rd tf.ResourceDat // It's crucial for avoiding inconsistent plan errors if it's used in akamai_property_activation resource. func setPropertyVersionsComputed(_ context.Context, rd *schema.ResourceDiff, _ interface{}) error { rawData := tf.NewRawConfig(rd) - if ok, err := canTriggerNewPropertyVersion(rd, rawData); err != nil || !ok { + ok, err := canTriggerNewPropertyVersion(rd, rawData) + if err != nil { + return err + } + if !ok { return nil } From d8ad7a2d45c104da7cc1ee67896496b382367c4f Mon Sep 17 00:00:00 2001 From: Michal Wojcik Date: Fri, 9 Aug 2024 08:15:15 +0000 Subject: [PATCH 06/17] DXE-4101 bump terraform plugin testing --- CHANGELOG.md | 4 +- go.mod | 34 ++++---- go.sum | 84 +++++++++---------- .../resource_akamai_clientlists_list_test.go | 15 ++-- ..._akamai_cloudaccess_key_properties_test.go | 16 ++-- .../data_akamai_cloudaccess_key_test.go | 2 +- .../data_akamai_cloudaccess_keys_test.go | 6 +- ...akamai_cloudlets_policy_activation_test.go | 8 +- ...ata_akamai_cloudlets_shared_policy_test.go | 18 ++-- ...ata_akamai_cloudwrapper_capacities_test.go | 10 +-- ..._akamai_cloudwrapper_configuration_test.go | 8 +- ...akamai_cloudwrapper_configurations_test.go | 14 ++-- .../data_akamai_cloudwrapper_location_test.go | 2 +- ...data_akamai_cloudwrapper_locations_test.go | 6 +- ...ata_akamai_cloudwrapper_properties_test.go | 14 ++-- pkg/providers/cps/data_akamai_cps_csr_test.go | 16 ++-- .../cps/data_akamai_cps_enrollment_test.go | 30 +++---- .../cps/data_akamai_cps_enrollments_test.go | 14 ++-- .../resource_akamai_cps_dv_enrollment_test.go | 32 ++----- ..._akamai_cps_third_party_enrollment_test.go | 16 ++-- .../data_akamai_edgekv_group_items_test.go | 4 +- .../data_akamai_edgekv_groups_test.go | 2 +- .../data_akamai_edgeworker_activation_test.go | 10 +-- .../data_akamai_edgeworker_test.go | 20 ++--- .../gtm/data_akamai_gtm_datacenter_test.go | 12 +-- .../gtm/data_akamai_gtm_datacenters_test.go | 8 +- ...source_akamai_imaging_policy_image_test.go | 1 - .../data_akamai_property_activation_test.go | 8 +- ...akamai_property_include_activation_test.go | 16 ++-- ...ta_akamai_property_include_parents_test.go | 6 +- ...data_akamai_property_include_rules_test.go | 10 +-- .../data_akamai_property_includes_test.go | 46 +++++----- .../resource_akamai_property_include_test.go | 4 +- .../property/resource_akamai_property_test.go | 4 +- 34 files changed, 242 insertions(+), 258 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d7e5a41a..809846d85 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,8 +19,8 @@ #### FEATURES/ENHANCEMENTS: - - +* Global + * Updated SDKv2 and framework libraries as result of updating `terraform-plugin-testing` diff --git a/go.mod b/go.mod index 5b520abc4..64e37bc4d 100644 --- a/go.mod +++ b/go.mod @@ -12,15 +12,15 @@ require ( github.com/google/uuid v1.6.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 - github.com/hashicorp/go-hclog v1.6.2 + github.com/hashicorp/go-hclog v1.6.3 github.com/hashicorp/terraform-plugin-framework v1.8.0 github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1 github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 github.com/hashicorp/terraform-plugin-go v0.23.0 github.com/hashicorp/terraform-plugin-log v0.9.0 github.com/hashicorp/terraform-plugin-mux v0.16.0 - github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 - github.com/hashicorp/terraform-plugin-testing v1.5.1 + github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 + github.com/hashicorp/terraform-plugin-testing v1.9.0 github.com/iancoleman/strcase v0.3.0 github.com/jedib0t/go-pretty/v6 v6.0.4 github.com/jinzhu/copier v0.3.2 @@ -28,11 +28,11 @@ require ( github.com/stretchr/testify v1.8.4 github.com/tj/assert v0.0.3 golang.org/x/exp v0.0.0-20230809150735-7b3493d9a819 - golang.org/x/sync v0.6.0 + golang.org/x/sync v0.7.0 ) require ( - github.com/ProtonMail/go-crypto v1.1.0-alpha.0 // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect @@ -47,12 +47,12 @@ require ( github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.6.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect - github.com/hashicorp/hc-install v0.6.3 // indirect - github.com/hashicorp/hcl/v2 v2.20.0 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect + github.com/hashicorp/hc-install v0.7.0 // indirect + github.com/hashicorp/hcl/v2 v2.21.0 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-exec v0.20.0 // indirect - github.com/hashicorp/terraform-json v0.21.0 // indirect + github.com/hashicorp/terraform-exec v0.21.0 // indirect + github.com/hashicorp/terraform-json v0.22.1 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect @@ -73,14 +73,14 @@ require ( github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect - github.com/zclconf/go-cty v1.14.3 // indirect + github.com/zclconf/go-cty v1.14.4 // indirect go.uber.org/ratelimit v0.2.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.13.0 // indirect + golang.org/x/crypto v0.25.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/text v0.16.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect google.golang.org/grpc v1.63.2 // indirect diff --git a/go.sum b/go.sum index ee33c48d2..909a1827c 100644 --- a/go.sum +++ b/go.sum @@ -2,8 +2,8 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/ProtonMail/go-crypto v1.1.0-alpha.0 h1:nHGfwXmFvJrSR9xu8qL7BkO4DqTHXE9N5vPhgY2I+j0= -github.com/ProtonMail/go-crypto v1.1.0-alpha.0/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= +github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/akamai/AkamaiOPEN-edgegrid-golang/v8 v8.3.0 h1:hB9ddRrmjfrxchN4NWABj3eT5PtkBAFRkxe5eqwBB7k= @@ -48,8 +48,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= -github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= +github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= +github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es= github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew= @@ -80,8 +80,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= -github.com/hashicorp/go-hclog v1.6.2 h1:NOtoftovWkDheyUM/8JW3QMiXyxJK3uHRK7wV04nD2I= -github.com/hashicorp/go-hclog v1.6.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= @@ -89,18 +89,18 @@ github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.6.3 h1:yE/r1yJvWbtrJ0STwScgEnCanb0U9v7zp0Gbkmcoxqs= -github.com/hashicorp/hc-install v0.6.3/go.mod h1:KamGdbodYzlufbWh4r9NRo8y6GLHWZP2GBtdnms1Ln0= -github.com/hashicorp/hcl/v2 v2.20.0 h1:l++cRs/5jQOiKVvqXZm/P1ZEfVXJmvLS9WSVxkaeTb4= -github.com/hashicorp/hcl/v2 v2.20.0/go.mod h1:WmcD/Ym72MDOOx5F62Ly+leloeu6H7m0pG7VBiU6pQk= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC1659aBk= +github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA= +github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= +github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= -github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= -github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U= -github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= +github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= +github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= +github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= +github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= github.com/hashicorp/terraform-plugin-framework v1.8.0 h1:P07qy8RKLcoBkCrY2RHJer5AEvJnDuXomBgou6fD8kI= github.com/hashicorp/terraform-plugin-framework v1.8.0/go.mod h1:/CpTukO88PcL/62noU7cuyaSJ4Rsim+A/pa+3rUVufY= github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1 h1:gm5b1kHgFFhaKFhm4h2TgvMUlNzFAtUqlcOWnWPm+9E= @@ -113,10 +113,10 @@ github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9T github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hashicorp/terraform-plugin-mux v0.16.0 h1:RCzXHGDYwUwwqfYYWJKBFaS3fQsWn/ZECEiW7p2023I= github.com/hashicorp/terraform-plugin-mux v0.16.0/go.mod h1:PF79mAsPc8CpusXPfEVa4X8PtkB+ngWoiUClMrNZlYo= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A= -github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c= -github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 h1:kJiWGx2kiQVo97Y5IOGR4EMcZ8DtMswHhUuFibsCQQE= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0/go.mod h1:sl/UoabMc37HA6ICVMmGO+/0wofkVIRxf+BMb/dnoIg= +github.com/hashicorp/terraform-plugin-testing v1.9.0 h1:xOsQRqqlHKXpFq6etTxih3ubdK3HVDtfE1IY7Rpd37o= +github.com/hashicorp/terraform-plugin-testing v1.9.0/go.mod h1:fhhVx/8+XNJZTD5o3b4stfZ6+q7z9+lIWigIYdT6/44= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -148,8 +148,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= @@ -194,10 +192,10 @@ github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= -github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= +github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= @@ -233,8 +231,10 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.14.3 h1:1JXy1XroaGrzZuG6X9dt7HL6s9AwbY+l4UNL8o5B6ho= -github.com/zclconf/go-cty v1.14.3/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= +github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= +github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= @@ -242,25 +242,25 @@ go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6m golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20230809150735-7b3493d9a819 h1:EDuYyU/MkFXllv9QF9819VlI9a4tzGuCbhG0ExK9o1U= golang.org/x/exp v0.0.0-20230809150735-7b3493d9a819/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180816055513-1c9583448a9c/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -277,8 +277,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -286,13 +286,13 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= diff --git a/pkg/providers/clientlists/resource_akamai_clientlists_list_test.go b/pkg/providers/clientlists/resource_akamai_clientlists_list_test.go index 0759cf373..30bbbe960 100644 --- a/pkg/providers/clientlists/resource_akamai_clientlists_list_test.go +++ b/pkg/providers/clientlists/resource_akamai_clientlists_list_test.go @@ -81,7 +81,7 @@ func TestResourceClientList(t *testing.T) { return &updateResponse } - expectUpdateListItems = func(t *testing.T, client *clientlists.Mock, req clientlists.UpdateClientListItemsRequest) *clientlists.UpdateClientListItemsResponse { + expectUpdateListItems = func(_ *testing.T, client *clientlists.Mock, req clientlists.UpdateClientListItemsRequest) *clientlists.UpdateClientListItemsResponse { appended := make([]clientlists.ListItemContent, 0, len(req.Append)) for _, v := range req.Append { appended = append(appended, clientlists.ListItemContent{ @@ -120,7 +120,7 @@ func TestResourceClientList(t *testing.T) { return &updateResponse } - expectReadList = func(t *testing.T, client *clientlists.Mock, list clientlists.ListContent, items []clientlists.ListItemContent, callTimes int) { + expectReadList = func(_ *testing.T, client *clientlists.Mock, list clientlists.ListContent, items []clientlists.ListItemContent, callTimes int) { clientListGetReq := clientlists.GetClientListRequest{ ListID: list.ListID, IncludeItems: true, @@ -135,19 +135,19 @@ func TestResourceClientList(t *testing.T) { client.On("GetClientList", mock.Anything, clientListGetReq).Return(&clientList, nil).Times(callTimes) } - expectDeleteList = func(t *testing.T, client *clientlists.Mock, list clientlists.ListContent) { + expectDeleteList = func(_ *testing.T, client *clientlists.Mock, list clientlists.ListContent) { clientListDeleteReq := clientlists.DeleteClientListRequest{ ListID: list.ListID, } client.On("DeleteClientList", mock.Anything, clientListDeleteReq).Return(nil).Once() } - expectAPIErrorWithUpdateList = func(t *testing.T, client *clientlists.Mock, req clientlists.UpdateClientListRequest) { + expectAPIErrorWithUpdateList = func(_ *testing.T, client *clientlists.Mock, req clientlists.UpdateClientListRequest) { err := fmt.Errorf(updateAPIError) client.On("UpdateClientList", mock.Anything, req).Return(nil, err).Once() } - expectAPIErrorWithGetList = func(t *testing.T, client *clientlists.Mock, req clientlists.GetClientListRequest) { + expectAPIErrorWithGetList = func(_ *testing.T, client *clientlists.Mock, req clientlists.GetClientListRequest) { err := fmt.Errorf(getAPIError) client.On("GetClientList", mock.Anything, req).Return(nil, err).Once() } @@ -786,10 +786,7 @@ func TestResourceClientList(t *testing.T) { Delete: []clientlists.ListItemPayload{}, }, }) - // Fake version update - updatedClientList := clientList.ListContent - updatedClientList.Version = 2 - expectReadList(t, client, updatedClientList, mapItemsPayloadToContent(updatedItems), 2) + expectReadList(t, client, clientList.ListContent, mapItemsPayloadToContent(updatedItems), 2) expectDeleteList(t, client, clientList.ListContent) useClient(client, func() { diff --git a/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_properties_test.go b/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_properties_test.go index d86355b3d..5c22f137c 100644 --- a/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_properties_test.go +++ b/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_properties_test.go @@ -37,10 +37,10 @@ func TestDataKeyProperties(t *testing.T) { }{ "happy path - multiple versions with multiple properties": { configPath: "testdata/TestDataKeyProperties/default.tf", - init: func(t *testing.T, m *cloudaccess.Mock, testData testDataForKeyProperties) { - expectListAccessKeys(m, 5) - expectListAccessKeyVersions(m, testData, 5) - expectLookupProperties(m, testData, 5) + init: func(_ *testing.T, m *cloudaccess.Mock, testData testDataForKeyProperties) { + expectListAccessKeys(m, 3) + expectListAccessKeyVersions(m, testData, 3) + expectLookupProperties(m, testData, 3) }, mockData: testDataForKeyProperties{ accessKeyUID: 1, @@ -72,10 +72,10 @@ func TestDataKeyProperties(t *testing.T) { }, "happy path - version with no active properties - nothing in state": { configPath: "testdata/TestDataKeyProperties/default.tf", - init: func(t *testing.T, m *cloudaccess.Mock, testData testDataForKeyProperties) { - expectListAccessKeys(m, 5) - expectListAccessKeyVersions(m, testData, 5) - expectLookupProperties(m, testData, 5) + init: func(_ *testing.T, m *cloudaccess.Mock, testData testDataForKeyProperties) { + expectListAccessKeys(m, 3) + expectListAccessKeyVersions(m, testData, 3) + expectLookupProperties(m, testData, 3) }, mockData: testDataForKeyProperties{ accessKeyUID: 1, diff --git a/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_test.go b/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_test.go index 6e2bf4a31..a38f238c9 100644 --- a/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_test.go +++ b/pkg/providers/cloudaccess/data_akamai_cloudaccess_key_test.go @@ -82,7 +82,7 @@ func TestDataKey(t *testing.T) { "happy path": { configPath: "testdata/TestDataKey/default.tf", init: func(_ *testing.T, m *cloudaccess.Mock, testData []cloudaccess.AccessKeyResponse) { - expectListAccessKeys(m, testData, 5) + expectListAccessKeys(m, testData, 3) }, mockData: testData, }, diff --git a/pkg/providers/cloudaccess/data_akamai_cloudaccess_keys_test.go b/pkg/providers/cloudaccess/data_akamai_cloudaccess_keys_test.go index b46e12c42..f5615462f 100644 --- a/pkg/providers/cloudaccess/data_akamai_cloudaccess_keys_test.go +++ b/pkg/providers/cloudaccess/data_akamai_cloudaccess_keys_test.go @@ -41,7 +41,7 @@ func TestDataKeys(t *testing.T) { "happy path - multiple keys with various contents": { configPath: "testdata/TestDataKeys/default.tf", init: func(t *testing.T, m *cloudaccess.Mock, testData testDataForKeys) { - expectFullListAccessKeys(t, m, testData, 5) + expectFullListAccessKeys(t, m, testData, 3) }, mockData: testDataForKeys{ keys: []keyData{ @@ -89,12 +89,12 @@ func TestDataKeys(t *testing.T) { "happy path - no keys": { configPath: "testdata/TestDataKeys/default.tf", init: func(t *testing.T, m *cloudaccess.Mock, testData testDataForKeys) { - expectFullListAccessKeys(t, m, testData, 5) + expectFullListAccessKeys(t, m, testData, 3) }, }, "expect error on list access keys": { configPath: "testdata/TestDataKeys/default.tf", - init: func(t *testing.T, m *cloudaccess.Mock, _ testDataForKeys) { + init: func(_ *testing.T, m *cloudaccess.Mock, _ testDataForKeys) { m.On("ListAccessKeys", mock.Anything, cloudaccess.ListAccessKeysRequest{}). Return(nil, fmt.Errorf("API error")).Once() }, diff --git a/pkg/providers/cloudlets/data_akamai_cloudlets_policy_activation_test.go b/pkg/providers/cloudlets/data_akamai_cloudlets_policy_activation_test.go index a4653a89e..e33d89aba 100644 --- a/pkg/providers/cloudlets/data_akamai_cloudlets_policy_activation_test.go +++ b/pkg/providers/cloudlets/data_akamai_cloudlets_policy_activation_test.go @@ -95,8 +95,8 @@ func TestNonSharedPolicyActivationDataSource(t *testing.T) { PolicyID: data.policyID, Version: data.version, Status: cloudlets.PolicyActivationStatusInactive, }, PropertyInfo: cloudlets.PropertyInfo{Name: p}}) } - mockGetPolicyV2(m2, data, nil, 5) - expectListPolicyActivations(m2, data.policyID, data.version, data.network, data.properties, cloudlets.PolicyActivationStatusActive, "", 1, nil).Times(5) + mockGetPolicyV2(m2, data, nil, 3) + expectListPolicyActivations(m2, data.policyID, data.version, data.network, data.properties, cloudlets.PolicyActivationStatusActive, "", 1, nil).Times(3) }, check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("data.akamai_cloudlets_policy_activation.test", "policy_id", "1"), @@ -301,8 +301,8 @@ func TestSharedPolicyActivationDataSource(t *testing.T) { resource.TestCheckResourceAttr("data.akamai_cloudlets_policy_activation.test", "status", "SUCCESS"), ), init: func(m2 *cloudlets.Mock, m3 *v3.Mock, data testDataForSharedPolicyActivation) { - mockGetPolicyV2WithError(m2, data.policyID, &cloudlets.Error{StatusCode: http.StatusNotFound}, 5) - mockGetPolicyV3(m3, data, 10) + mockGetPolicyV2WithError(m2, data.policyID, &cloudlets.Error{StatusCode: http.StatusNotFound}, 3) + mockGetPolicyV3(m3, data, 6) }, }, "api error": { diff --git a/pkg/providers/cloudlets/data_akamai_cloudlets_shared_policy_test.go b/pkg/providers/cloudlets/data_akamai_cloudlets_shared_policy_test.go index 062c31e59..a32424ea2 100644 --- a/pkg/providers/cloudlets/data_akamai_cloudlets_shared_policy_test.go +++ b/pkg/providers/cloudlets/data_akamai_cloudlets_shared_policy_test.go @@ -87,8 +87,8 @@ func TestSharedPolicyDataSource(t *testing.T) { }, }, init: func(m *v3.Mock, data testDataForSharedPolicy) { - mockGetPolicy(m, data, 5) - mockGetPolicyVersion(m, data, 5) + mockGetPolicy(m, data, 3) + mockGetPolicyVersion(m, data, 3) }, }, "success with no version attribute - no activations and no match rules and warnings": { @@ -103,9 +103,9 @@ func TestSharedPolicyDataSource(t *testing.T) { description: "Description", }, init: func(m *v3.Mock, data testDataForSharedPolicy) { - mockGetPolicy(m, data, 5) - mockListPolicyVersions(m, data, 2, 5) - mockGetPolicyVersion(m, data, 5) + mockGetPolicy(m, data, 3) + mockListPolicyVersions(m, data, 2, 3) + mockGetPolicyVersion(m, data, 3) }, }, "success with no version attribute - no shared policy versions": { @@ -120,8 +120,8 @@ func TestSharedPolicyDataSource(t *testing.T) { description: "Description", }, init: func(m *v3.Mock, data testDataForSharedPolicy) { - mockGetPolicy(m, data, 5) - mockListPolicyVersions(m, data, 2, 5) + mockGetPolicy(m, data, 3) + mockListPolicyVersions(m, data, 2, 3) }, }, "success with version attribute - all activations": { @@ -211,8 +211,8 @@ func TestSharedPolicyDataSource(t *testing.T) { }, }, init: func(m *v3.Mock, data testDataForSharedPolicy) { - mockGetPolicy(m, data, 5) - mockGetPolicyVersion(m, data, 5) + mockGetPolicy(m, data, 3) + mockGetPolicyVersion(m, data, 3) }, }, "expect error on ListPolicyVersions": { diff --git a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_capacities_test.go b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_capacities_test.go index 12b0f95f7..c85266cd4 100644 --- a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_capacities_test.go +++ b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_capacities_test.go @@ -69,24 +69,24 @@ func TestCapacitiesDataSource(t *testing.T) { }, }, }, - init: func(t *testing.T, m *cloudwrapper.Mock, capacities []cloudwrapper.LocationCapacity) { + init: func(_ *testing.T, m *cloudwrapper.Mock, capacities []cloudwrapper.LocationCapacity) { resp := cloudwrapper.ListCapacitiesResponse{ Capacities: capacities, } - m.On("ListCapacities", mock.Anything, request).Return(&resp, nil).Times(5) + m.On("ListCapacities", mock.Anything, request).Return(&resp, nil).Times(3) }, }, "no capacities found": { respData: []cloudwrapper.LocationCapacity{}, - init: func(t *testing.T, m *cloudwrapper.Mock, capacities []cloudwrapper.LocationCapacity) { + init: func(_ *testing.T, m *cloudwrapper.Mock, capacities []cloudwrapper.LocationCapacity) { resp := cloudwrapper.ListCapacitiesResponse{ Capacities: capacities, } - m.On("ListCapacities", mock.Anything, request).Return(&resp, nil).Times(5) + m.On("ListCapacities", mock.Anything, request).Return(&resp, nil).Times(3) }, }, "listing capacities failed": { - init: func(t *testing.T, m *cloudwrapper.Mock, _ []cloudwrapper.LocationCapacity) { + init: func(_ *testing.T, m *cloudwrapper.Mock, _ []cloudwrapper.LocationCapacity) { err := fmt.Errorf("listing capacities failed") m.On("ListCapacities", mock.Anything, request).Return(nil, err).Once() }, diff --git a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configuration_test.go b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configuration_test.go index 0674d502f..6187b4884 100644 --- a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configuration_test.go +++ b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configuration_test.go @@ -134,15 +134,15 @@ func TestConfigurationDataSource(t *testing.T) { }{ "happy path - minimal data returned": { configPath: "testdata/TestDataConfiguration/default.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWConfiguration) { - expectGetConfiguration(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData testDataForCWConfiguration) { + expectGetConfiguration(m, testData, 3) }, mockData: minimalConfiguration, }, "happy path - all fields": { configPath: "testdata/TestDataConfiguration/default.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWConfiguration) { - expectGetConfiguration(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData testDataForCWConfiguration) { + expectGetConfiguration(m, testData, 3) }, mockData: configuration, }, diff --git a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configurations_test.go b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configurations_test.go index 0b8c5e462..281c2ebde 100644 --- a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configurations_test.go +++ b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_configurations_test.go @@ -22,8 +22,8 @@ func TestDataConfigurations(t *testing.T) { }{ "happy path- minimal data returned": { configPath: "testdata/TestDataConfigurations/default.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData []testDataForCWConfiguration) { - expectGetConfigurations(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData []testDataForCWConfiguration) { + expectGetConfigurations(m, testData, 3) }, mockData: []testDataForCWConfiguration{ minimalConfiguration, @@ -31,8 +31,8 @@ func TestDataConfigurations(t *testing.T) { }, "happy path - all fields": { configPath: "testdata/TestDataConfigurations/default.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData []testDataForCWConfiguration) { - expectGetConfigurations(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData []testDataForCWConfiguration) { + expectGetConfigurations(m, testData, 3) }, mockData: []testDataForCWConfiguration{ configuration, @@ -40,8 +40,8 @@ func TestDataConfigurations(t *testing.T) { }, "happy path - a few configurations": { configPath: "testdata/TestDataConfigurations/default.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData []testDataForCWConfiguration) { - expectGetConfigurations(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData []testDataForCWConfiguration) { + expectGetConfigurations(m, testData, 3) }, mockData: []testDataForCWConfiguration{ minimalConfiguration, @@ -50,7 +50,7 @@ func TestDataConfigurations(t *testing.T) { }, "error getting configuration": { configPath: "testdata/TestDataConfigurations/default.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData []testDataForCWConfiguration) { + init: func(_ *testing.T, m *cloudwrapper.Mock, _ []testDataForCWConfiguration) { m.On("ListConfigurations", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("get configuration failed")).Times(1) }, mockData: []testDataForCWConfiguration{ diff --git a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_location_test.go b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_location_test.go index 54a2aae1f..fcf6a8d62 100644 --- a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_location_test.go +++ b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_location_test.go @@ -70,7 +70,7 @@ func TestDataLocation(t *testing.T) { "happy path": { configPath: "testdata/TestDataLocation/location.tf", init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWLocation) { - expectListLocations(m, testData, 5) + expectListLocations(m, testData, 3) }, mockData: location, }, diff --git a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_locations_test.go b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_locations_test.go index dcf55d90c..245a7decb 100644 --- a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_locations_test.go +++ b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_locations_test.go @@ -69,14 +69,14 @@ func TestDataLocations(t *testing.T) { }{ "happy path": { configPath: "testdata/TestDataLocations/location.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWLocations) { - expectListLocations(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData testDataForCWLocations) { + expectListLocations(m, testData, 3) }, mockData: location, }, "error listing locations": { configPath: "testdata/TestDataLocations/location.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWLocations) { + init: func(_ *testing.T, m *cloudwrapper.Mock, _ testDataForCWLocations) { expectListLocationsWithError(m, 1) }, error: regexp.MustCompile("list locations failed"), diff --git a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_properties_test.go b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_properties_test.go index b801beeb0..c14f2861d 100644 --- a/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_properties_test.go +++ b/pkg/providers/cloudwrapper/data_akamai_cloudwrapper_properties_test.go @@ -21,8 +21,8 @@ func TestDataProperty(t *testing.T) { }{ "happy path - one property, unused-true": { configPath: "testdata/TestDataProperties/default_unused_true.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWProperties) { - expectListProperties(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData testDataForCWProperties) { + expectListProperties(m, testData, 3) }, mockData: testDataForCWProperties{ unused: true, @@ -40,7 +40,7 @@ func TestDataProperty(t *testing.T) { "happy path - two properties, unused-false, contract_ids supplied": { configPath: "testdata/TestDataProperties/default_unused_false.tf", init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWProperties) { - expectListProperties(m, testData, 5) + expectListProperties(m, testData, 3) }, mockData: testDataForCWProperties{ contractIDs: []string{"ctr_1", "ctr_2"}, @@ -64,8 +64,8 @@ func TestDataProperty(t *testing.T) { }, "happy path - no optional attributes": { configPath: "testdata/TestDataProperties/no_attributes.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWProperties) { - expectListProperties(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData testDataForCWProperties) { + expectListProperties(m, testData, 3) }, mockData: testDataForCWProperties{ properties: []cloudwrapper.Property{ @@ -81,8 +81,8 @@ func TestDataProperty(t *testing.T) { }, "happy path - empty properties list": { configPath: "testdata/TestDataProperties/default_unused_false.tf", - init: func(t *testing.T, m *cloudwrapper.Mock, testData testDataForCWProperties) { - expectListProperties(m, testData, 5) + init: func(_ *testing.T, m *cloudwrapper.Mock, testData testDataForCWProperties) { + expectListProperties(m, testData, 3) }, mockData: testDataForCWProperties{ contractIDs: []string{"ctr_1", "ctr_2"}, diff --git a/pkg/providers/cps/data_akamai_cps_csr_test.go b/pkg/providers/cps/data_akamai_cps_csr_test.go index bb7a05988..bebd98a95 100644 --- a/pkg/providers/cps/data_akamai_cps_csr_test.go +++ b/pkg/providers/cps/data_akamai_cps_csr_test.go @@ -347,7 +347,7 @@ func TestDataCPSCSR(t *testing.T) { }{ "happy path with both algorithms with get change": { init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) { - expectReadCPSCSR(t, m, testData, 5) + expectReadCPSCSR(t, m, testData, 3) }, mockData: bothAlgorithmsDataFromCSR, configPath: "testdata/TestDataCPSCSR/default.tf", @@ -355,7 +355,7 @@ func TestDataCPSCSR(t *testing.T) { }, "happy path with both algorithms with get change history": { init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) { - expectReadCPSCSRWithHistory(t, m, testData, 5) + expectReadCPSCSRWithHistory(t, m, testData, 3) }, mockData: bothAlgorithmsDataWithGetChangeHistory, configPath: "testdata/TestDataCPSCSR/default.tf", @@ -363,7 +363,7 @@ func TestDataCPSCSR(t *testing.T) { }, "happy path with both algorithms with get longer change history": { init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) { - expectReadCPSCSRWithHistory(t, m, testData, 5) + expectReadCPSCSRWithHistory(t, m, testData, 3) }, mockData: bothAlgorithmsDataWithGetLongerChangeHistory, configPath: "testdata/TestDataCPSCSR/default.tf", @@ -371,7 +371,7 @@ func TestDataCPSCSR(t *testing.T) { }, "happy path with RSA algorithm": { init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) { - expectReadCPSCSR(t, m, testData, 5) + expectReadCPSCSR(t, m, testData, 3) }, mockData: RSAData, configPath: "testdata/TestDataCPSCSR/default.tf", @@ -379,7 +379,7 @@ func TestDataCPSCSR(t *testing.T) { }, "happy path with ECDSA algorithm": { init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) { - expectReadCPSCSR(t, m, testData, 5) + expectReadCPSCSR(t, m, testData, 3) }, mockData: ECDSAData, configPath: "testdata/TestDataCPSCSR/default.tf", @@ -387,7 +387,7 @@ func TestDataCPSCSR(t *testing.T) { }, "no algorithms": { init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) { - expectReadCPSCSR(t, m, testData, 5) + expectReadCPSCSR(t, m, testData, 3) }, mockData: noAlgorithmsData, configPath: "testdata/TestDataCPSCSR/no_algorithms.tf", @@ -395,14 +395,14 @@ func TestDataCPSCSR(t *testing.T) { }, "no pending changes": { init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) { - expectReadCPSCSRNoPendingChanges(t, m, testData, 5) + expectReadCPSCSRNoPendingChanges(t, m, testData, 3) }, mockData: noPendingChanges, configPath: "testdata/TestDataCPSCSR/no_algorithms.tf", error: nil, }, "enrollment_id not provided": { - init: func(t *testing.T, m *cps.Mock, testData testDataForCPSCSR) {}, + init: func(_ *testing.T, _ *cps.Mock, _ testDataForCPSCSR) {}, mockData: testDataForCPSCSR{}, configPath: "testdata/TestDataCPSCSR/no_enrollment_id.tf", error: regexp.MustCompile("Missing required argument"), diff --git a/pkg/providers/cps/data_akamai_cps_enrollment_test.go b/pkg/providers/cps/data_akamai_cps_enrollment_test.go index 08d8e8481..ff0969990 100644 --- a/pkg/providers/cps/data_akamai_cps_enrollment_test.go +++ b/pkg/providers/cps/data_akamai_cps_enrollment_test.go @@ -348,10 +348,10 @@ func TestDataEnrollment(t *testing.T) { "happy path without challenges": { enrollment: enrollmentDV1, enrollmentID: enrollment1ID, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{ EnrollmentID: enrollment1ID, - }).Return(enrollmentDV1, nil).Times(5) + }).Return(enrollmentDV1, nil).Times(3) }, steps: []resource.TestStep{ { @@ -363,10 +363,10 @@ func TestDataEnrollment(t *testing.T) { "happy path with challenges": { enrollment: enrollmentDV2, enrollmentID: enrollment2ID, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{ EnrollmentID: enrollment2ID, - }).Return(enrollmentDV2, nil).Times(5) + }).Return(enrollmentDV2, nil).Times(3) dvArray := mockDVArray() change := mockLetsEncryptChallenges() @@ -374,12 +374,12 @@ func TestDataEnrollment(t *testing.T) { m.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ ChangeID: changeID, EnrollmentID: enrollment2ID, - }).Return(change, nil).Times(5) + }).Return(change, nil).Times(3) m.On("GetChangeLetsEncryptChallenges", mock.Anything, cps.GetChangeRequest{ ChangeID: changeID, EnrollmentID: enrollment2ID, - }).Return(dvArray, nil).Times(5) + }).Return(dvArray, nil).Times(3) }, steps: []resource.TestStep{ { @@ -391,7 +391,7 @@ func TestDataEnrollment(t *testing.T) { "could not fetch an enrollment": { enrollment: enrollmentDV1, enrollmentID: enrollment1ID, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{ EnrollmentID: enrollment1ID, }).Return(nil, fmt.Errorf("could not get an enrollment")).Once() @@ -406,7 +406,7 @@ func TestDataEnrollment(t *testing.T) { "could not fetch a change status": { enrollment: enrollmentDV2, enrollmentID: enrollment2ID, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{ EnrollmentID: enrollment2ID, }).Return(enrollmentDV2, nil).Once() @@ -426,7 +426,7 @@ func TestDataEnrollment(t *testing.T) { "no changes on lets encrypt challenges": { enrollment: enrollmentDV2, enrollmentID: enrollment2ID, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{ EnrollmentID: enrollment2ID, }).Return(enrollmentDV2, nil).Once() @@ -453,17 +453,17 @@ func TestDataEnrollment(t *testing.T) { "third party change type": { enrollment: enrollmentThirdParty, enrollmentID: enrollment3ID, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{ EnrollmentID: enrollment3ID, - }).Return(enrollmentThirdParty, nil).Times(5) + }).Return(enrollmentThirdParty, nil).Times(3) change := mockThirdPartyCSRChallenges() m.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ ChangeID: changeID, EnrollmentID: enrollment3ID, - }).Return(change, nil).Times(5) + }).Return(change, nil).Times(3) }, steps: []resource.TestStep{ @@ -476,17 +476,17 @@ func TestDataEnrollment(t *testing.T) { "ev change type": { enrollment: enrollmentEV, enrollmentID: enrollment4ID, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("GetEnrollment", mock.Anything, cps.GetEnrollmentRequest{ EnrollmentID: enrollment4ID, - }).Return(enrollmentEV, nil).Times(5) + }).Return(enrollmentEV, nil).Times(3) change := mockEVChallenges() m.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ ChangeID: changeID, EnrollmentID: enrollment4ID, - }).Return(change, nil).Times(5) + }).Return(change, nil).Times(3) }, steps: []resource.TestStep{ diff --git a/pkg/providers/cps/data_akamai_cps_enrollments_test.go b/pkg/providers/cps/data_akamai_cps_enrollments_test.go index 2b8f018e7..88b229389 100644 --- a/pkg/providers/cps/data_akamai_cps_enrollments_test.go +++ b/pkg/providers/cps/data_akamai_cps_enrollments_test.go @@ -38,10 +38,10 @@ func TestDataEnrollments(t *testing.T) { }{ "happy path": { enrollments: *enrollmentsList, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("ListEnrollments", mock.Anything, cps.ListEnrollmentsRequest{ ContractID: contractID, - }).Return(enrollmentsList, nil).Times(5) + }).Return(enrollmentsList, nil).Times(3) }, steps: []resource.TestStep{ { @@ -52,7 +52,7 @@ func TestDataEnrollments(t *testing.T) { }, "could not fetch list of enrollments": { enrollments: *enrollmentsList, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("ListEnrollments", mock.Anything, cps.ListEnrollmentsRequest{ ContractID: contractID, }).Return(nil, fmt.Errorf("could not get list of enrollments")).Once() @@ -66,10 +66,10 @@ func TestDataEnrollments(t *testing.T) { }, "different change type enrollments": { enrollments: *enrollmentsThirdPartyList, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("ListEnrollments", mock.Anything, cps.ListEnrollmentsRequest{ ContractID: contractID, - }).Return(enrollmentsThirdPartyList, nil).Times(5) + }).Return(enrollmentsThirdPartyList, nil).Times(3) }, steps: []resource.TestStep{ @@ -81,10 +81,10 @@ func TestDataEnrollments(t *testing.T) { }, "no enrollments for given contract": { enrollments: cps.ListEnrollmentsResponse{}, - init: func(t *testing.T, m *cps.Mock) { + init: func(_ *testing.T, m *cps.Mock) { m.On("ListEnrollments", mock.Anything, cps.ListEnrollmentsRequest{ ContractID: contractID, - }).Return(emptyEnrollmentList, nil).Times(10) + }).Return(emptyEnrollmentList, nil).Times(6) }, steps: []resource.TestStep{ { diff --git a/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go b/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go index 18e79cfbf..a1bfc83c9 100644 --- a/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go +++ b/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go @@ -549,22 +549,6 @@ func TestResourceDVEnrollment(t *testing.T) { Domain: "test.akamai.com", ValidationStatus: "IN_PROGRESS", }, - { - Challenges: []cps.Challenge{ - {FullPath: "_acme-challenge.san.test.akamai.com", ResponseBody: "abc123", Type: "http-01", Status: "pending"}, - {FullPath: "_acme-challenge.san.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, - }, - Domain: "san.test.akamai.com", - ValidationStatus: "IN_PROGRESS", - }, - { - Challenges: []cps.Challenge{ - {FullPath: "_acme-challenge.san2.test.akamai.com", ResponseBody: "abc123", Type: "http-01", Status: "pending"}, - {FullPath: "_acme-challenge.san2.test.akamai.com", ResponseBody: "abc123", Type: "dns-01", Status: "pending"}, - }, - Domain: "san2.test.akamai.com", - ValidationStatus: "IN_PROGRESS", - }, }}, nil).Twice() client.On("RemoveEnrollment", mock.Anything, cps.RemoveEnrollmentRequest{ @@ -2314,13 +2298,6 @@ func TestResourceDVEnrollmentImport(t *testing.T) { Steps: []resource.TestStep{ { Config: testutils.LoadFixtureString(t, "testdata/TestResDVEnrollment/import/import_enrollment.tf"), - ImportStateCheck: func(s []*terraform.InstanceState) error { - assert.Len(t, s, 1) - rs := s[0] - assert.Equal(t, "ctr_1", rs.Attributes["contract_id"]) - assert.Equal(t, "1", rs.Attributes["id"]) - return nil - }, }, { Config: testutils.LoadFixtureString(t, "testdata/TestResDVEnrollment/import/import_enrollment.tf"), @@ -2328,6 +2305,15 @@ func TestResourceDVEnrollmentImport(t *testing.T) { ImportStateId: id, ResourceName: "akamai_cps_dv_enrollment.dv", ImportStateVerify: true, + ImportStateCheck: func(s []*terraform.InstanceState) error { + assert.Len(t, s, 1) + rs := s[0] + assert.Equal(t, "ctr_1", rs.Attributes["contract_id"]) + assert.Equal(t, "1", rs.Attributes["id"]) + return nil + }, + // It looks that there bug in SDK that values for bool optional fields are not persisted on create + ImportStateVerifyIgnore: []string{"network_configuration.0.clone_dns_names", "network_configuration.0.quic_enabled"}, }, }, }) diff --git a/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go b/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go index ad9588992..f82630106 100644 --- a/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go +++ b/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go @@ -1644,13 +1644,6 @@ func TestResourceThirdPartyEnrollmentImport(t *testing.T) { Steps: []resource.TestStep{ { Config: testutils.LoadFixtureString(t, "testdata/TestResThirdPartyEnrollment/import/import_enrollment.tf"), - ImportStateCheck: func(s []*terraform.InstanceState) error { - assert.Len(t, s, 1) - rs := s[0] - assert.Equal(t, "ctr_1", rs.Attributes["contract_id"]) - assert.Equal(t, "1", rs.Attributes["id"]) - return nil - }, }, { Config: testutils.LoadFixtureString(t, "testdata/TestResThirdPartyEnrollment/import/import_enrollment.tf"), @@ -1658,6 +1651,15 @@ func TestResourceThirdPartyEnrollmentImport(t *testing.T) { ImportStateId: id, ResourceName: "akamai_cps_third_party_enrollment.third_party", ImportStateVerify: true, + ImportStateCheck: func(s []*terraform.InstanceState) error { + assert.Len(t, s, 1) + rs := s[0] + assert.Equal(t, "ctr_1", rs.Attributes["contract_id"]) + assert.Equal(t, "1", rs.Attributes["id"]) + return nil + }, + // It looks that there bug in SDK that values for bool optional fields are not persisted on create + ImportStateVerifyIgnore: []string{"network_configuration.0.clone_dns_names", "network_configuration.0.quic_enabled"}, }, }, }) diff --git a/pkg/providers/edgeworkers/data_akamai_edgekv_group_items_test.go b/pkg/providers/edgeworkers/data_akamai_edgekv_group_items_test.go index 09e429b93..a4a59b54e 100644 --- a/pkg/providers/edgeworkers/data_akamai_edgekv_group_items_test.go +++ b/pkg/providers/edgeworkers/data_akamai_edgekv_group_items_test.go @@ -27,7 +27,7 @@ func TestEdgeKVGroupItems(t *testing.T) { NamespaceID: "test_namespace", GroupID: "TestGroup", }, - }).Return(&edgeworkers.ListItemsResponse{"TestItem1", "TestItem2", "TestItem3"}, nil).Times(5) + }).Return(&edgeworkers.ListItemsResponse{"TestItem1", "TestItem2", "TestItem3"}, nil).Times(3) for k, v := range items { mockGetItemReq(client, k, edgeworkers.Item(v)) @@ -134,5 +134,5 @@ func mockGetItemReq(client *edgeworkers.Mock, itemID string, itemValue edgeworke NamespaceID: "test_namespace", GroupID: "TestGroup", }, - }).Return(&itemValue, nil).Times(5) + }).Return(&itemValue, nil).Times(3) } diff --git a/pkg/providers/edgeworkers/data_akamai_edgekv_groups_test.go b/pkg/providers/edgeworkers/data_akamai_edgekv_groups_test.go index 27221a061..a441a2cf1 100644 --- a/pkg/providers/edgeworkers/data_akamai_edgekv_groups_test.go +++ b/pkg/providers/edgeworkers/data_akamai_edgekv_groups_test.go @@ -18,7 +18,7 @@ func TestEdgeKVGroups(t *testing.T) { client.On("ListGroupsWithinNamespace", mock.Anything, edgeworkers.ListGroupsWithinNamespaceRequest{ Network: "staging", NamespaceID: "test_namespace"}). - Return([]string{"TestImportGroup", "TestGroup1", "TestGroup2", "TestGroup3", "TestGroup4"}, nil).Times(5) + Return([]string{"TestImportGroup", "TestGroup1", "TestGroup2", "TestGroup3", "TestGroup4"}, nil).Times(3) useClient(client, func() { resource.UnitTest(t, resource.TestCase{ ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), diff --git a/pkg/providers/edgeworkers/data_akamai_edgeworker_activation_test.go b/pkg/providers/edgeworkers/data_akamai_edgeworker_activation_test.go index c045bbba4..a80f31bc4 100644 --- a/pkg/providers/edgeworkers/data_akamai_edgeworker_activation_test.go +++ b/pkg/providers/edgeworkers/data_akamai_edgeworker_activation_test.go @@ -136,7 +136,7 @@ func TestDataEdgeWorkersActivation(t *testing.T) { }{ "happy path with one activation": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorkersActivation) { - expectReadEdgeWorkersActivation(t, m, testData, 5) + expectReadEdgeWorkersActivation(t, m, testData, 3) }, mockData: oneActivationData, configPath: "testdata/TestDataEdgeWorkersActivation/one_activation.tf", @@ -144,7 +144,7 @@ func TestDataEdgeWorkersActivation(t *testing.T) { }, "happy path with three activations": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorkersActivation) { - expectReadEdgeWorkersActivation(t, m, testData, 5) + expectReadEdgeWorkersActivation(t, m, testData, 3) }, mockData: threeActivationsData, configPath: "testdata/TestDataEdgeWorkersActivation/three_activations.tf", @@ -152,7 +152,7 @@ func TestDataEdgeWorkersActivation(t *testing.T) { }, "happy path with no activations": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorkersActivation) { - expectReadEmptyEdgeWorkersActivation(t, m, testData, 5) + expectReadEmptyEdgeWorkersActivation(t, m, testData, 3) }, mockData: noActivationsData, configPath: "testdata/TestDataEdgeWorkersActivation/no_activations.tf", @@ -160,14 +160,14 @@ func TestDataEdgeWorkersActivation(t *testing.T) { }, "activation status not complete": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorkersActivation) { - expectReadEmptyEdgeWorkersActivation(t, m, testData, 5) + expectReadEmptyEdgeWorkersActivation(t, m, testData, 3) }, mockData: wrongStatusData, configPath: "testdata/TestDataEdgeWorkersActivation/wrong_status.tf", error: nil, }, "could not list activations": { - init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorkersActivation) { + init: func(t *testing.T, m *edgeworkers.Mock, _ testDataForEdgeWorkersActivation) { expectListActivationsError(t, m, "could not fetch activations") }, mockData: testDataForEdgeWorkersActivation{}, diff --git a/pkg/providers/edgeworkers/data_akamai_edgeworker_test.go b/pkg/providers/edgeworkers/data_akamai_edgeworker_test.go index 67dc916e6..78c649b1f 100644 --- a/pkg/providers/edgeworkers/data_akamai_edgeworker_test.go +++ b/pkg/providers/edgeworkers/data_akamai_edgeworker_test.go @@ -251,7 +251,7 @@ func TestDataEdgeWorkersEdgeWorker(t *testing.T) { }{ "happy path with one version": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { - expectReadEdgeWorkersEdgeWorker(t, m, testData, 5) + expectReadEdgeWorkersEdgeWorker(t, m, testData, 3) }, mockData: oneVersionData, configPath: "testdata/TestDataEdgeWorkersEdgeWorker/edgeworker_one_version.tf", @@ -259,7 +259,7 @@ func TestDataEdgeWorkersEdgeWorker(t *testing.T) { }, "happy path with 2 versions": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { - expectReadEdgeWorkersEdgeWorker(t, m, testData, 5) + expectReadEdgeWorkersEdgeWorker(t, m, testData, 3) }, mockData: twoVersionsData, configPath: "testdata/TestDataEdgeWorkersEdgeWorker/edgeworker_two_versions.tf", @@ -267,7 +267,7 @@ func TestDataEdgeWorkersEdgeWorker(t *testing.T) { }, "happy path with one warning": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { - expectReadEdgeWorkersEdgeWorker(t, m, testData, 5) + expectReadEdgeWorkersEdgeWorker(t, m, testData, 3) }, mockData: oneWarningData, configPath: "testdata/TestDataEdgeWorkersEdgeWorker/edgeworker_one_warning.tf", @@ -275,7 +275,7 @@ func TestDataEdgeWorkersEdgeWorker(t *testing.T) { }, "happy path with three warnings": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { - expectReadEdgeWorkersEdgeWorker(t, m, testData, 5) + expectReadEdgeWorkersEdgeWorker(t, m, testData, 3) }, mockData: threeWarningsData, configPath: "testdata/TestDataEdgeWorkersEdgeWorker/edgeworker_three_warnings.tf", @@ -283,22 +283,22 @@ func TestDataEdgeWorkersEdgeWorker(t *testing.T) { }, "happy path without local bundle path specified": { init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { - expectReadEdgeWorkersEdgeWorker(t, m, testData, 5) + expectReadEdgeWorkersEdgeWorker(t, m, testData, 3) }, mockData: defaultBundlePathData, configPath: "testdata/TestDataEdgeWorkersEdgeWorker/edgeworker_no_local_bundle.tf", error: nil, }, "no versions": { - init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { - expectReadEdgeWorkerNoVersions(m, noVersionsData, 5) + init: func(_ *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { + expectReadEdgeWorkerNoVersions(m, noVersionsData, 3) }, mockData: noVersionsData, configPath: "testdata/TestDataEdgeWorkersEdgeWorker/edgeworker_no_versions.tf", error: nil, }, "could not get an edgeworker_id": { - init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { + init: func(_ *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { expectGetEdgeWorkerError(m, "could not get an edgeworker") }, mockData: oneVersionData, @@ -306,7 +306,7 @@ func TestDataEdgeWorkersEdgeWorker(t *testing.T) { error: regexp.MustCompile("could not get an edgeworker"), }, "could not list versions": { - init: func(t *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { + init: func(_ *testing.T, m *edgeworkers.Mock, testData testDataForEdgeWorker) { expectListEdgeWorkerVersionsError(m, "could not list edgeworker versions") }, mockData: oneVersionData, @@ -314,7 +314,7 @@ func TestDataEdgeWorkersEdgeWorker(t *testing.T) { error: regexp.MustCompile("could not list edgeworker versions"), }, "edgeworker_id not provided": { - init: func(t *testing.T, m *edgeworkers.Mock, worker testDataForEdgeWorker) {}, + init: func(_ *testing.T, m *edgeworkers.Mock, worker testDataForEdgeWorker) {}, mockData: testDataForEdgeWorker{}, configPath: "testdata/TestDataEdgeWorkersEdgeWorker/edgeworker_no_edgeworker_id.tf", error: regexp.MustCompile("Missing required argument"), diff --git a/pkg/providers/gtm/data_akamai_gtm_datacenter_test.go b/pkg/providers/gtm/data_akamai_gtm_datacenter_test.go index 5e50649fa..1b9c84eb5 100644 --- a/pkg/providers/gtm/data_akamai_gtm_datacenter_test.go +++ b/pkg/providers/gtm/data_akamai_gtm_datacenter_test.go @@ -21,27 +21,27 @@ func TestDataGTMDatacenter(t *testing.T) { }{ "happy path - all fields populated": { init: func(t *testing.T, m *gtm.Mock, data testDataForGTMDatacenter) { - mockGetDatacenter(t, m, data, 5) + mockGetDatacenter(t, m, data, 3) }, mockData: testGTMDatacenter, configPath: "testdata/TestDataGTMDatacenter/default.tf", }, "happy path - minimal fields": { init: func(t *testing.T, m *gtm.Mock, data testDataForGTMDatacenter) { - mockGetDatacenter(t, m, data, 5) + mockGetDatacenter(t, m, data, 3) }, mockData: testGTMDatacenterMinimal, configPath: "testdata/TestDataGTMDatacenter/default.tf", }, "happy path - no load_servers in default_load_object": { init: func(t *testing.T, m *gtm.Mock, data testDataForGTMDatacenter) { - mockGetDatacenter(t, m, data, 5) + mockGetDatacenter(t, m, data, 3) }, mockData: testGTMDatacenterNoLoadServers, configPath: "testdata/TestDataGTMDatacenter/default.tf", }, "error - GetDatacenter fail": { - init: func(t *testing.T, m *gtm.Mock, data testDataForGTMDatacenter) { + init: func(_ *testing.T, m *gtm.Mock, data testDataForGTMDatacenter) { m.On("GetDatacenter", mock.Anything, data.datacenterID, data.domain).Return( nil, fmt.Errorf("GetDatacenter error")).Once() }, @@ -50,12 +50,12 @@ func TestDataGTMDatacenter(t *testing.T) { error: regexp.MustCompile("GetDatacenter error"), }, "error - no domain attribute": { - init: func(t *testing.T, _ *gtm.Mock, _ testDataForGTMDatacenter) {}, + init: func(_ *testing.T, _ *gtm.Mock, _ testDataForGTMDatacenter) {}, configPath: "testdata/TestDataGTMDatacenter/no_domain.tf", error: regexp.MustCompile(`The argument "domain" is required, but no definition was found.`), }, "error - no datacenter_id attribute": { - init: func(t *testing.T, _ *gtm.Mock, _ testDataForGTMDatacenter) {}, + init: func(_ *testing.T, _ *gtm.Mock, _ testDataForGTMDatacenter) {}, configPath: "testdata/TestDataGTMDatacenter/no_datacenter_id.tf", error: regexp.MustCompile(`The argument "datacenter_id" is required, but no definition was found.`), }, diff --git a/pkg/providers/gtm/data_akamai_gtm_datacenters_test.go b/pkg/providers/gtm/data_akamai_gtm_datacenters_test.go index fa2bb0b5f..6092b5147 100644 --- a/pkg/providers/gtm/data_akamai_gtm_datacenters_test.go +++ b/pkg/providers/gtm/data_akamai_gtm_datacenters_test.go @@ -21,21 +21,21 @@ func TestDataGTMDatacenters(t *testing.T) { }{ "happy path - three datacenters": { init: func(t *testing.T, m *gtm.Mock, data testDataForGTMDatacenters) { - mockListDatacenters(t, m, data, 5) + mockListDatacenters(t, m, data, 3) }, mockData: testGTMDatacenters, configPath: "testdata/TestDataGTMDatacenters/default.tf", }, "happy path - one datacenter": { init: func(t *testing.T, m *gtm.Mock, data testDataForGTMDatacenters) { - mockListDatacenters(t, m, data, 5) + mockListDatacenters(t, m, data, 3) }, mockData: testGTMSingleDatacenter, configPath: "testdata/TestDataGTMDatacenters/default.tf", }, "happy path - no datacenters": { init: func(t *testing.T, m *gtm.Mock, data testDataForGTMDatacenters) { - mockListDatacenters(t, m, data, 5) + mockListDatacenters(t, m, data, 3) }, mockData: testGTMEmptyDatacenters, configPath: "testdata/TestDataGTMDatacenters/default.tf", @@ -50,7 +50,7 @@ func TestDataGTMDatacenters(t *testing.T) { error: regexp.MustCompile("ListDatacenters error"), }, "error - no domain attribute": { - init: func(t *testing.T, _ *gtm.Mock, _ testDataForGTMDatacenters) {}, + init: func(_ *testing.T, _ *gtm.Mock, _ testDataForGTMDatacenters) {}, configPath: "testdata/TestDataGTMDatacenters/no_domain.tf", error: regexp.MustCompile(`The argument "domain" is required, but no definition was found.`), }, diff --git a/pkg/providers/imaging/resource_akamai_imaging_policy_image_test.go b/pkg/providers/imaging/resource_akamai_imaging_policy_image_test.go index b5a3840f1..89836abb0 100644 --- a/pkg/providers/imaging/resource_akamai_imaging_policy_image_test.go +++ b/pkg/providers/imaging/resource_akamai_imaging_policy_image_test.go @@ -843,7 +843,6 @@ func TestResourcePolicyImage(t *testing.T) { }).Return(nil, fmt.Errorf("%s: %w", imaging.ErrGetPolicy, &imaging.Error{Status: http.StatusNotFound})).Once() expectReadPolicy(client, "test_policy", "test_policy_set", "test_contract", imaging.PolicyNetworkStaging, &policyOutput, 1) expectReadPolicy(client, "test_policy", "test_policy_set", "test_contract", imaging.PolicyNetworkStaging, &policyOutput, 1) - expectReadPolicy(client, "test_policy", "test_policy_set", "test_contract", imaging.PolicyNetworkStaging, &policyOutput, 1) expectDeletePolicy(client, "test_policy", "test_policy_set", "test_contract", imaging.PolicyNetworkStaging) expectDeletePolicy(client, "test_policy", "test_policy_set", "test_contract", imaging.PolicyNetworkProduction) diff --git a/pkg/providers/property/data_akamai_property_activation_test.go b/pkg/providers/property/data_akamai_property_activation_test.go index dd5ea7fac..5eb7ac802 100644 --- a/pkg/providers/property/data_akamai_property_activation_test.go +++ b/pkg/providers/property/data_akamai_property_activation_test.go @@ -34,7 +34,7 @@ func TestDataSourcePAPIPropertyActivation(t *testing.T) { NotifyEmails: []string{"some@example.com"}, }}}, } - expectGetActivations(m, "prp_test", activationsResponseDeactivated, nil).Times(5) + expectGetActivations(m, "prp_test", activationsResponseDeactivated, nil).Times(3) }, steps: []resource.TestStep{ { @@ -56,7 +56,7 @@ func TestDataSourcePAPIPropertyActivation(t *testing.T) { }, "check schema property activation - OK": { init: func(m *papi.Mock) { - expectGetActivations(m, "prp_test", generateActivationResponseMock("atv_activation1", "", 1, papi.ActivationTypeActivate, "2020-10-28T14:04:05Z", nil), nil).Times(5) + expectGetActivations(m, "prp_test", generateActivationResponseMock("atv_activation1", "", 1, papi.ActivationTypeActivate, "2020-10-28T14:04:05Z", nil), nil).Times(3) }, steps: []resource.TestStep{ { @@ -82,8 +82,8 @@ func TestDataSourcePAPIPropertyActivation(t *testing.T) { Version: papi.PropertyVersionGetItem{ PropertyVersion: 1, }, - }, nil).Times(5) - expectGetActivations(m, "prp_test", generateActivationResponseMock("atv_activation1", "", 1, papi.ActivationTypeActivate, "2020-10-28T14:04:05Z", nil), nil).Times(5) + }, nil).Times(3) + expectGetActivations(m, "prp_test", generateActivationResponseMock("atv_activation1", "", 1, papi.ActivationTypeActivate, "2020-10-28T14:04:05Z", nil), nil).Times(3) }, steps: []resource.TestStep{ { diff --git a/pkg/providers/property/data_akamai_property_include_activation_test.go b/pkg/providers/property/data_akamai_property_include_activation_test.go index e5e9c27ee..1e634067d 100644 --- a/pkg/providers/property/data_akamai_property_include_activation_test.go +++ b/pkg/providers/property/data_akamai_property_include_activation_test.go @@ -28,8 +28,8 @@ func TestDataPropertyIncludeActivation(t *testing.T) { network: stagingNetwork, activationsResponse: *createIncludeActivationsResponse(accountForTests, contractForTests, groupForTests, includeActivationsForTests), }, - init: func(t *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { - mockListIncludeActivation(m, attrs, 5) + init: func(_ *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { + mockListIncludeActivation(m, attrs, 3) }, configPath: "testdata/TestDataPropertyIncludeActivation/valid_staging.tf", }, @@ -42,7 +42,7 @@ func TestDataPropertyIncludeActivation(t *testing.T) { activationsResponse: *createIncludeActivationsResponse(accountForTests, contractForTests, groupForTests, includeActivationsForTests), }, init: func(t *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { - mockListIncludeActivation(m, attrs, 5) + mockListIncludeActivation(m, attrs, 3) }, configPath: "testdata/TestDataPropertyIncludeActivation/valid_production.tf", }, @@ -55,7 +55,7 @@ func TestDataPropertyIncludeActivation(t *testing.T) { activationsResponse: *createIncludeActivationsResponse(accountForTests, contractForTests, groupForTests, includeActivationsForTests[:2]), }, init: func(t *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { - mockListIncludeActivation(m, attrs, 5) + mockListIncludeActivation(m, attrs, 3) }, configPath: "testdata/TestDataPropertyIncludeActivation/no_activation_for_given_network.tf", }, @@ -68,7 +68,7 @@ func TestDataPropertyIncludeActivation(t *testing.T) { activationsResponse: *createIncludeActivationsResponse(accountForTests, contractForTests, groupForTests, includeActivationsWithLatestDeactivate), }, init: func(t *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { - mockListIncludeActivation(m, attrs, 5) + mockListIncludeActivation(m, attrs, 3) }, configPath: "testdata/TestDataPropertyIncludeActivation/valid_staging.tf", }, @@ -81,7 +81,7 @@ func TestDataPropertyIncludeActivation(t *testing.T) { activationsResponse: *createIncludeActivationsResponse(accountForTests, contractForTests, groupForTests, includeActivationsForTests[:2]), }, init: func(t *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { - mockListIncludeActivation(m, attrs, 5) + mockListIncludeActivation(m, attrs, 3) }, configPath: "testdata/TestDataPropertyIncludeActivation/valid_production.tf", }, @@ -108,8 +108,8 @@ func TestDataPropertyIncludeActivation(t *testing.T) { }), }), }, - init: func(t *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { - mockListIncludeActivation(m, attrs, 5) + init: func(_ *testing.T, m *papi.Mock, attrs includeActivationTestAttributes) { + mockListIncludeActivation(m, attrs, 3) }, configPath: "testdata/TestDataPropertyIncludeActivation/valid_staging.tf", }, diff --git a/pkg/providers/property/data_akamai_property_include_parents_test.go b/pkg/providers/property/data_akamai_property_include_parents_test.go index 8a1870993..18b7bc579 100644 --- a/pkg/providers/property/data_akamai_property_include_parents_test.go +++ b/pkg/providers/property/data_akamai_property_include_parents_test.go @@ -49,7 +49,7 @@ func TestDataPropertyIncludeParents(t *testing.T) { }, }, }, - }, nil).Times(5) + }, nil).Times(3) // run ListReferencedIncludes for each IncludeParent with different and not empty StagingVersion and ProductionVersion m.On("ListReferencedIncludes", mock.Anything, papi.ListReferencedIncludesRequest{ ContractID: "ctr_1", @@ -73,7 +73,7 @@ func TestDataPropertyIncludeParents(t *testing.T) { }, }, }, - }, nil).Times(5) + }, nil).Times(3) m.On("ListReferencedIncludes", mock.Anything, papi.ListReferencedIncludesRequest{ ContractID: "ctr_1", GroupID: "grp_1", @@ -96,7 +96,7 @@ func TestDataPropertyIncludeParents(t *testing.T) { }, }, }, - }, nil).Times(5) + }, nil).Times(3) }, expectedAttributes: map[string]string{ "parents.#": "3", diff --git a/pkg/providers/property/data_akamai_property_include_rules_test.go b/pkg/providers/property/data_akamai_property_include_rules_test.go index 9a5746294..9c56019c5 100644 --- a/pkg/providers/property/data_akamai_property_include_rules_test.go +++ b/pkg/providers/property/data_akamai_property_include_rules_test.go @@ -99,21 +99,21 @@ func TestDataPropertyIncludeRules(t *testing.T) { }{ "happy path include rules with rule errors": { init: func(t *testing.T, m *papi.Mock, testData testDataPropertyIncludeRules) { - expectReadPropertyRulesInclude(t, m, testData, 5, true, false, "rules_with_errors.json") + expectReadPropertyRulesInclude(t, m, testData, 3, true, false, "rules_with_errors.json") }, mockData: propertyIncludeRulesWithRuleErrors(testDataIncludeRules(t), testutils.LoadFixtureString(t, "%s/property-snippets/rule_errors.json", workdir)), configPath: "./testdata/TestDSPropertyIncludeRules/property_include_rules.tf", }, "happy path include rules with rules warnings": { init: func(t *testing.T, m *papi.Mock, testData testDataPropertyIncludeRules) { - expectReadPropertyRulesInclude(t, m, testData, 5, false, true, "rules_with_warnings.json") + expectReadPropertyRulesInclude(t, m, testData, 3, false, true, "rules_with_warnings.json") }, mockData: propertyIncludeRulesWithRuleWarnings(testDataIncludeRules(t), testutils.LoadFixtureString(t, "%s/property-snippets/rule_warnings.json", workdir)), configPath: "./testdata/TestDSPropertyIncludeRules/property_include_rules.tf", }, "happy path include rules with rules warnings and errors": { init: func(t *testing.T, m *papi.Mock, testData testDataPropertyIncludeRules) { - expectReadPropertyRulesInclude(t, m, testData, 5, true, true, "rules_with_errors_and_warnings.json") + expectReadPropertyRulesInclude(t, m, testData, 3, true, true, "rules_with_errors_and_warnings.json") }, mockData: propertyIncludeRulesWithRuleWarningsAndErrors(testDataIncludeRules(t), testutils.LoadFixtureString(t, "%s/property-snippets/rule_warnings.json", workdir), testutils.LoadFixtureString(t, "%s/property-snippets/rule_errors.json", workdir)), @@ -121,13 +121,13 @@ func TestDataPropertyIncludeRules(t *testing.T) { }, "happy path include rules": { init: func(t *testing.T, m *papi.Mock, testData testDataPropertyIncludeRules) { - expectReadPropertyRulesInclude(t, m, testData, 5, false, false, "rules_without_errors.json") + expectReadPropertyRulesInclude(t, m, testData, 3, false, false, "rules_without_errors.json") }, mockData: testDataIncludeRules(t), configPath: "./testdata/TestDSPropertyIncludeRules/property_include_rules.tf", }, "groupID not provided": { - init: func(t *testing.T, m *papi.Mock, testData testDataPropertyIncludeRules) {}, + init: func(_ *testing.T, m *papi.Mock, testData testDataPropertyIncludeRules) {}, configPath: "./testdata/TestDSPropertyIncludeRules/property_include_rules_no_group_id.tf", error: regexp.MustCompile("Missing required argument"), }, diff --git a/pkg/providers/property/data_akamai_property_includes_test.go b/pkg/providers/property/data_akamai_property_includes_test.go index ea9b9b069..2baa857ae 100644 --- a/pkg/providers/property/data_akamai_property_includes_test.go +++ b/pkg/providers/property/data_akamai_property_includes_test.go @@ -31,8 +31,8 @@ func TestDataPropertyIncludes(t *testing.T) { includesNumber: 10, includes: createIncludes(10, contractForTests, groupForTests, false, false), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 3) }, configPath: "testdata/TestDataPropertyIncludes/without_parent_property/list_includes_no_filters.tf", }, @@ -45,8 +45,8 @@ func TestDataPropertyIncludes(t *testing.T) { includesNumber: 10, includes: createIncludes(10, contractForTests, groupForTests, false, false), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 3) }, configPath: "testdata/TestDataPropertyIncludes/without_parent_property/list_includes_type_microservices.tf", }, @@ -59,8 +59,8 @@ func TestDataPropertyIncludes(t *testing.T) { includesNumber: 10, includes: createIncludes(10, contractForTests, groupForTests, false, false), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 3) }, configPath: "testdata/TestDataPropertyIncludes/without_parent_property/list_includes_type_common_settings.tf", }, @@ -73,8 +73,8 @@ func TestDataPropertyIncludes(t *testing.T) { includesNumber: 0, includes: nil, }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 3) }, configPath: "testdata/TestDataPropertyIncludes/without_parent_property/list_includes_no_filters.tf", }, @@ -87,8 +87,8 @@ func TestDataPropertyIncludes(t *testing.T) { includesNumber: 1, includes: createIncludes(3, contractForTests, groupForTests, true, true), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListIncludes(m, attrs.contractID, attrs.groupID, attrs.includes, attrs.includesNumber, 3) }, configPath: "testdata/TestDataPropertyIncludes/without_parent_property/list_includes_no_filters.tf", }, @@ -105,10 +105,10 @@ func TestDataPropertyIncludes(t *testing.T) { externalIncludes: createExternalIncludeData(2), includes: createIncludes(2, contractForTests, groupForTests, false, false), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 3) for i, include := range attrs.externalIncludes { - mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 5, attrs.includes[i]) + mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 3, attrs.includes[i]) } }, configPath: "testdata/TestDataPropertyIncludes/with_parent_property/list_available_includes_no_filters.tf", @@ -126,10 +126,10 @@ func TestDataPropertyIncludes(t *testing.T) { externalIncludes: createExternalIncludeData(15), includes: createIncludes(15, contractForTests, groupForTests, false, false), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 3) for i, include := range attrs.externalIncludes { - mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 5, attrs.includes[i]) + mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 3, attrs.includes[i]) } }, configPath: "testdata/TestDataPropertyIncludes/with_parent_property/list_available_includes_type_microservices.tf", @@ -147,10 +147,10 @@ func TestDataPropertyIncludes(t *testing.T) { externalIncludes: createExternalIncludeData(30), includes: createIncludes(30, contractForTests, groupForTests, false, false), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 3) for i, include := range attrs.externalIncludes { - mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 5, attrs.includes[i]) + mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 3, attrs.includes[i]) } }, configPath: "testdata/TestDataPropertyIncludes/with_parent_property/list_available_includes_type_common_settings.tf", @@ -169,7 +169,7 @@ func TestDataPropertyIncludes(t *testing.T) { includes: createIncludes(0, contractForTests, groupForTests, false, false), }, init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 5) + mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 3) for i, include := range attrs.externalIncludes { mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 5, attrs.includes[i]) } @@ -189,10 +189,10 @@ func TestDataPropertyIncludes(t *testing.T) { externalIncludes: createExternalIncludeData(15), includes: createIncludes(15, contractForTests, groupForTests, false, true), }, - init: func(t *testing.T, m *papi.Mock, attrs attributes) { - mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 5) + init: func(_ *testing.T, m *papi.Mock, attrs attributes) { + mockListAvailableIncludes(m, attrs.contractID, attrs.groupID, attrs.parentProperty.id, attrs.parentProperty.version, attrs.includesNumber, 3) for i, include := range attrs.externalIncludes { - mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 5, attrs.includes[i]) + mockGetInclude(m, attrs.contractID, attrs.groupID, include.IncludeID, 3, attrs.includes[i]) } }, configPath: "testdata/TestDataPropertyIncludes/with_parent_property/list_available_includes_type_microservices.tf", diff --git a/pkg/providers/property/resource_akamai_property_include_test.go b/pkg/providers/property/resource_akamai_property_include_test.go index e1c597424..e4a26136c 100644 --- a/pkg/providers/property/resource_akamai_property_include_test.go +++ b/pkg/providers/property/resource_akamai_property_include_test.go @@ -789,7 +789,7 @@ func TestResourcePropertyInclude(t *testing.T) { expectRead(m, testData).Once() // Data source refresh call - expectGetIncludeRuleTree(m, testData).Times(2) + expectGetIncludeRuleTree(m, testData).Times(1) // Resource update calls testData.rulesPath = "simple_rules.json" @@ -804,7 +804,7 @@ func TestResourcePropertyInclude(t *testing.T) { expectRead(m, testData).Once() // Data source post-update call - expectGetIncludeRuleTree(m, testData).Times(2) + expectGetIncludeRuleTree(m, testData).Times(1) expectDelete(m, testData).Once() }, diff --git a/pkg/providers/property/resource_akamai_property_test.go b/pkg/providers/property/resource_akamai_property_test.go index 904d392c1..7e9565127 100644 --- a/pkg/providers/property/resource_akamai_property_test.go +++ b/pkg/providers/property/resource_akamai_property_test.go @@ -1844,7 +1844,7 @@ func TestPropertyResource_versionNotesLifecycle(t *testing.T) { mockRead(versionNotes1, rules1And2.Rules).Times(2) // step 2 - refresh + plan - mockRead(versionNotes2, rules1And2.Rules).Times(2) + mockRead(versionNotes2, rules1And2.Rules).Times(1) // step 3 - refresh + update + read + plan mockRead(versionNotes2, rules1And2.Rules).Times(1) @@ -1871,7 +1871,7 @@ func TestPropertyResource_versionNotesLifecycle(t *testing.T) { mockRead(rules4And5.Comments, rules4And5.Rules).Times(2) // step 5 - refresh + plan - mockRead(rules4And5.Comments, rules4And5.Rules).Times(2) + mockRead(rules4And5.Comments, rules4And5.Rules).Times(1) // cleanup client.On("RemoveProperty", mock.Anything, papi.RemovePropertyRequest{ From 476805066557f5667fe8bb6db563a5c9b9de0c6d Mon Sep 17 00:00:00 2001 From: Michal Wojcik Date: Tue, 20 Aug 2024 14:18:22 +0000 Subject: [PATCH 07/17] DXE-4143 Add support for new rule format v2024-08-13 --- CHANGELOG.md | 2 + ...data_akamai_property_rules_builder_test.go | 39 + .../rule_format_v2024_08_13.gen.go | 16324 ++++++++++++++++ .../content_compression_v2024_08_13.json | 68 + .../default_v2024_08_13.json | 373 + .../dynamic_content_v2024_08_13.json | 29 + .../rules_v2024_08_13.tf | 268 + .../static_content_v2024_08_13.json | 110 + 8 files changed, 17213 insertions(+) create mode 100644 pkg/providers/property/ruleformats/rule_format_v2024_08_13.gen.go create mode 100755 pkg/providers/property/testdata/TestDSPropertyRulesBuilder/content_compression_v2024_08_13.json create mode 100755 pkg/providers/property/testdata/TestDSPropertyRulesBuilder/default_v2024_08_13.json create mode 100755 pkg/providers/property/testdata/TestDSPropertyRulesBuilder/dynamic_content_v2024_08_13.json create mode 100644 pkg/providers/property/testdata/TestDSPropertyRulesBuilder/rules_v2024_08_13.tf create mode 100755 pkg/providers/property/testdata/TestDSPropertyRulesBuilder/static_content_v2024_08_13.json diff --git a/CHANGELOG.md b/CHANGELOG.md index 809846d85..707c2eae8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,8 @@ +* PAPI + * Added support for new rule format `v2024-08-13` diff --git a/pkg/providers/property/data_akamai_property_rules_builder_test.go b/pkg/providers/property/data_akamai_property_rules_builder_test.go index 9a5da438d..3dc9f5e62 100644 --- a/pkg/providers/property/data_akamai_property_rules_builder_test.go +++ b/pkg/providers/property/data_akamai_property_rules_builder_test.go @@ -285,6 +285,45 @@ func TestDataPropertyRulesBuilder(t *testing.T) { }) }) }) + t.Run("valid rule with 3 children - v2024-08-13", func(t *testing.T) { + useClient(nil, nil, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{{ + Config: testutils.LoadFixtureString(t, "testdata/TestDSPropertyRulesBuilder/rules_v2024_08_13.tf"), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("data.akamai_property_rules_builder.default", + "rule_format", + "v2024-08-13"), + testCheckResourceAttrJSON("data.akamai_property_rules_builder.default", + "json", + testutils.LoadFixtureString(t, "testdata/TestDSPropertyRulesBuilder/default_v2024_08_13.json")), + + resource.TestCheckResourceAttr("data.akamai_property_rules_builder.content_compression", + "rule_format", + "v2024-08-13"), + testCheckResourceAttrJSON("data.akamai_property_rules_builder.content_compression", + "json", + testutils.LoadFixtureString(t, "testdata/TestDSPropertyRulesBuilder/content_compression_v2024_08_13.json")), + + resource.TestCheckResourceAttr("data.akamai_property_rules_builder.static_content", + "rule_format", + "v2024-08-13"), + testCheckResourceAttrJSON("data.akamai_property_rules_builder.static_content", + "json", + testutils.LoadFixtureString(t, "testdata/TestDSPropertyRulesBuilder/static_content_v2024_08_13.json")), + + resource.TestCheckResourceAttr("data.akamai_property_rules_builder.dynamic_content", + "rule_format", + "v2024-08-13"), + testCheckResourceAttrJSON("data.akamai_property_rules_builder.dynamic_content", + "json", + testutils.LoadFixtureString(t, "testdata/TestDSPropertyRulesBuilder/dynamic_content_v2024_08_13.json")), + ), + }}, + }) + }) + }) t.Run("rule empty options - v2024-01-09", func(t *testing.T) { useClient(nil, nil, func() { resource.UnitTest(t, resource.TestCase{ diff --git a/pkg/providers/property/ruleformats/rule_format_v2024_08_13.gen.go b/pkg/providers/property/ruleformats/rule_format_v2024_08_13.gen.go new file mode 100644 index 000000000..947f569d5 --- /dev/null +++ b/pkg/providers/property/ruleformats/rule_format_v2024_08_13.gen.go @@ -0,0 +1,16324 @@ +package ruleformats + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func init() { + schemasRegistry.register(RuleFormat{ + version: "rules_v2024_08_13", + behaviorsSchemas: getBehaviorsSchemaV20240813(), + criteriaSchemas: getCriteriaSchemaV20240813(), + typeMappings: map[string]interface{}{"adScalerCircuitBreaker.returnErrorResponseCodeBased.408": 408, "adScalerCircuitBreaker.returnErrorResponseCodeBased.500": 500, "adScalerCircuitBreaker.returnErrorResponseCodeBased.502": 502, "adScalerCircuitBreaker.returnErrorResponseCodeBased.504": 504}, + nameMappings: map[string]string{"allowFcmParentOverride": "allowFCMParentOverride", "allowHttpsCacheKeySharing": "allowHTTPSCacheKeySharing", "allowHttpsDowngrade": "allowHTTPSDowngrade", "allowHttpsUpgrade": "allowHTTPSUpgrade", "c": "C", "canBeCa": "canBeCA", "cn": "CN", "conditionalHttpStatus": "conditionalHTTPStatus", "contentCharacteristicsAmd": "contentCharacteristicsAMD", "contentCharacteristicsDd": "contentCharacteristicsDD", "dcpAuthHmacTransformation": "dcpAuthHMACTransformation", "detectSmartDnsProxy": "detectSmartDNSProxy", "detectSmartDnsProxyAction": "detectSmartDNSProxyAction", "detectSmartDnsProxyRedirecturl": "detectSmartDNSProxyRedirecturl", "enableCmcdSegmentPrefetch": "enableCMCDSegmentPrefetch", "enableEs256": "enableES256", "enableIpAvoidance": "enableIPAvoidance", "enableIpProtection": "enableIPProtection", "enableIpRedirectOnDeny": "enableIPRedirectOnDeny", "enableRs256": "enableRS256", "enableTokenInUri": "enableTokenInURI", "g2OToken": "g2oToken", "g2Oheader": "g2oheader", "i18NCharset": "i18nCharset", "i18NStatus": "i18nStatus", "isCertificateSniOnly": "isCertificateSNIOnly", "issuerRdns": "issuerRDNs", "logEdgeIp": "logEdgeIP", "o": "O", "originSettings": "origin_settings", "ou": "OU", "overrideIpAddresses": "overrideIPAddresses", "segmentDurationDash": "segmentDurationDASH", "segmentDurationDashCustom": "segmentDurationDASHCustom", "segmentDurationHds": "segmentDurationHDS", "segmentDurationHdsCustom": "segmentDurationHDSCustom", "segmentDurationHls": "segmentDurationHLS", "segmentDurationHlsCustom": "segmentDurationHLSCustom", "segmentSizeDash": "segmentSizeDASH", "segmentSizeHds": "segmentSizeHDS", "segmentSizeHls": "segmentSizeHLS", "sf3COriginHost": "sf3cOriginHost", "sf3COriginHostHeader": "sf3cOriginHostHeader", "smartDnsProxy": "smartDNSProxy", "standardTlsMigration": "standardTLSMigration", "standardTlsMigrationOverride": "standardTLSMigrationOverride", "subjectCn": "subjectCN", "subjectRdns": "subjectRDNs", "titleAicMobile": "title_aic_mobile", "titleAicNonmobile": "title_aic_nonmobile", "tokenAuthDashTitle": "tokenAuthDASHTitle", "tokenAuthHlsTitle": "tokenAuthHLSTitle"}, + shouldFlatten: []string{"apiPrioritization.cloudletPolicy", "apiPrioritization.throttledCpCode", "apiPrioritization.throttledCpCode.cpCodeLimits", "apiPrioritization.netStorage", "applicationLoadBalancer.cloudletPolicy", "applicationLoadBalancer.allDownNetStorage", "audienceSegmentation.cloudletPolicy", "cpCode.value", "cpCode.value.cpCodeLimits", "edgeRedirector.cloudletPolicy", "failAction.netStorageHostname", "failAction.cpCode", "failAction.cpCode.cpCodeLimits", "firstPartyMarketing.cloudletPolicy", "firstPartyMarketingPlus.cloudletPolicy", "forwardRewrite.cloudletPolicy", "imageAndVideoManager.cpCodeOriginal", "imageAndVideoManager.cpCodeOriginal.cpCodeLimits", "imageAndVideoManager.cpCodeTransformed", "imageAndVideoManager.cpCodeTransformed.cpCodeLimits", "imageManager.cpCodeOriginal", "imageManager.cpCodeOriginal.cpCodeLimits", "imageManager.cpCodeTransformed", "imageManager.cpCodeTransformed.cpCodeLimits", "imageManagerVideo.cpCodeOriginal", "imageManagerVideo.cpCodeOriginal.cpCodeLimits", "imageManagerVideo.cpCodeTransformed", "imageManagerVideo.cpCodeTransformed.cpCodeLimits", "origin.netStorage", "origin.customCertificateAuthorities.subjectRDNs", "origin.customCertificateAuthorities.issuerRDNs", "origin.customCertificates.subjectRDNs", "origin.customCertificates.issuerRDNs", "phasedRelease.cloudletPolicy", "requestControl.cloudletPolicy", "requestControl.netStorage", "siteShield.ssmap", "visitorPrioritization.cloudletPolicy", "visitorPrioritization.waitingRoomCpCode", "visitorPrioritization.waitingRoomCpCode.cpCodeLimits", "visitorPrioritization.waitingRoomNetStorage", "webApplicationFirewall.firewallConfiguration", "matchCpCode.value", "matchCpCode.value.cpCodeLimits"}, + }) +} + +func getBehaviorsSchemaV20240813() map[string]*schema.Schema { + return map[string]*schema.Schema{ + "ad_scaler_circuit_breaker": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior works with `manifestRerouting` to provide the scale and reliability of Akamai network while simultaneously allowing third party partners to modify the requested media content with value-added features. The `adScalerCircuitBreaker` behavior specifies the fallback action in case the technology partner encounters errors and can't modify the requested media object. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "response_delay_based": { + Optional: true, + Description: "Triggers a fallback action based on the delayed response from the technology partner's server.", + Type: schema.TypeBool, + }, + "response_delay_threshold": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"500ms"}, false)), + Optional: true, + Description: "Specifies the maximum response delay that, if exceeded, triggers the fallback action.", + Type: schema.TypeString, + }, + "response_code_based": { + Optional: true, + Description: "Triggers a fallback action based on the response code from the technology partner's server.", + Type: schema.TypeBool, + }, + "response_codes": { + ValidateDiagFunc: validateRegexOrVariable("^(([0-9]{3})(,?))+$"), + Optional: true, + Description: "Specifies the codes in the partner's response that trigger the fallback action, either `408`, `500`, `502`, `504`, `SAME_AS_RECEIEVED`, or `SPECIFY_YOUR_OWN` for a custom code.", + Type: schema.TypeString, + }, + "fallback_action_response_code_based": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RETURN_AKAMAI_COPY", "RETURN_ERROR"}, false)), + Optional: true, + Description: "Specifies the fallback action.", + Type: schema.TypeString, + }, + "return_error_response_code_based": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SAME_AS_RECEIVED", "408", "500", "502", "504", "SPECIFY_YOUR_OWN"}, false)), + Optional: true, + Description: "Specifies the error to include in the response to the client.", + Type: schema.TypeString, + }, + "specify_your_own_response_code_based": { + ValidateDiagFunc: validateRegexOrVariable("^\\d{3}$"), + Optional: true, + Description: "Defines a custom error response.", + Type: schema.TypeString, + }, + }, + }, + }, + "adaptive_acceleration": { + Optional: true, + Type: schema.TypeList, + Description: "Adaptive Acceleration uses HTTP/2 server push functionality with Ion properties to pre-position content and improve the performance of HTML page loading based on real user monitoring (RUM) timing data. It also helps browsers to preconnect to content that’s likely needed for upcoming requests. To use this behavior, make sure you enable the `http2` behavior. Use the `Adaptive Acceleration API` to report on the set of assets this feature optimizes. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "source": { + Optional: true, + Description: "The source Adaptive Acceleration uses to gather the real user monitoring timing data, either `mPulse` or `realUserMonitoring`. The recommended `mPulse` option supports all optimizations and requires the `mPulse` behavior added by default to new Ion properties. The classic `realUserMonitoring` method has been deprecated. If you set it as the data source, make sure you use it with the `realUserMonitoring` behavior.", + Type: schema.TypeString, + }, + "title_http2_server_push": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_push": { + Optional: true, + Description: "Recognizes resources like JavaScript, CSS, and images based on gathered timing data and sends these resources to a browser as it's waiting for a response to the initial request for your website or app. See `Automatic Server Push` for more information.", + Type: schema.TypeBool, + }, + "title_preconnect": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_preconnect": { + Optional: true, + Description: "Allows browsers to anticipate what connections your site needs, and establishes those connections ahead of time. See `Automatic Preconnect` for more information.", + Type: schema.TypeBool, + }, + "title_preload": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "preload_enable": { + Optional: true, + Description: "Allows browsers to preload necessary fonts before they fetch and process other resources. See `Automatic Font Preload` for more information.", + Type: schema.TypeBool, + }, + "ab_testing": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "ab_logic": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DISABLED", "CLOUDLETS", "MANUAL"}, false)), + Optional: true, + Description: "Specifies whether to use Adaptive Acceleration in an A/B testing environment. To include Adaptive Acceleration data in your A/B testing, specify the mode you want to apply. Otherwise, `DISABLED` by default. See `Add A/B testing to A2` for details.", + Type: schema.TypeString, + }, + "cookie_name": { + Optional: true, + Description: "This specifies the name of the cookie file used for redirecting the requests in the A/B testing environment.", + Type: schema.TypeString, + }, + "compression": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "title_ro": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_ro": { + Optional: true, + Description: "Enables the Resource Optimizer, which automates the compression and delivery of your `.css`, `.js`, and `.svg` content using a combination of Brotli and Zopfli compressions. The compression is performed offline, during a time to live that the feature automatically sets. See the `resourceOptimizer` and `resourceOptimizerExtendedCompatibility` behaviors for more details.", + Type: schema.TypeBool, + }, + "title_brotli": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_brotli_compression": { + Optional: true, + Description: "Applies Brotli compression, converting your origin content to cache on edge servers.", + Type: schema.TypeBool, + }, + "enable_for_noncacheable": { + Optional: true, + Description: "Applies Brotli compression to non-cacheable content.", + Type: schema.TypeBool, + }, + }, + }, + }, + "adaptive_image_compression": { + Optional: true, + Type: schema.TypeList, + Description: "> **Note**: Starting from May 31, 2024, Adaptive Image Compression is no longer supported and the image compression configured through this functionality won't take place. As an alternative, we offer `Image & Video Manager`. It intelligently and automatically optimizes images and videos on the fly for every user. Reach out to your Akamai representatives for more information on this product. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "title_aic_mobile": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "compress_mobile": { + Optional: true, + Description: "Adapts images served over cellular mobile networks.", + Type: schema.TypeBool, + }, + "tier1_mobile_compression_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COMPRESS", "BYPASS", "STRIP"}, false)), + Optional: true, + Description: "Specifies tier-1 behavior.", + Type: schema.TypeString, + }, + "tier1_mobile_compression_value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the compression percentage.", + Type: schema.TypeInt, + }, + "tier2_mobile_compression_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COMPRESS", "BYPASS", "STRIP"}, false)), + Optional: true, + Description: "Specifies tier-2 cellular-network behavior.", + Type: schema.TypeString, + }, + "tier2_mobile_compression_value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the compression percentage.", + Type: schema.TypeInt, + }, + "tier3_mobile_compression_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COMPRESS", "BYPASS", "STRIP"}, false)), + Optional: true, + Description: "Specifies tier-3 cellular-network behavior.", + Type: schema.TypeString, + }, + "tier3_mobile_compression_value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the compression percentage.", + Type: schema.TypeInt, + }, + "title_aic_nonmobile": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "compress_standard": { + Optional: true, + Description: "Adapts images served over non-cellular networks.", + Type: schema.TypeBool, + }, + "tier1_standard_compression_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COMPRESS", "BYPASS", "STRIP"}, false)), + Optional: true, + Description: "Specifies tier-1 non-cellular network behavior.", + Type: schema.TypeString, + }, + "tier1_standard_compression_value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the compression percentage.", + Type: schema.TypeInt, + }, + "tier2_standard_compression_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COMPRESS", "BYPASS", "STRIP"}, false)), + Optional: true, + Description: "Specifies tier-2 non-cellular network behavior.", + Type: schema.TypeString, + }, + "tier2_standard_compression_value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the compression percentage.", + Type: schema.TypeInt, + }, + "tier3_standard_compression_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COMPRESS", "BYPASS", "STRIP"}, false)), + Optional: true, + Description: "Specifies tier-3 non-cellular network behavior.", + Type: schema.TypeString, + }, + "tier3_standard_compression_value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the compression percentage.", + Type: schema.TypeInt, + }, + }, + }, + }, + "advanced": { + Optional: true, + Type: schema.TypeList, + Description: "This specifies Akamai XML metadata. It can only be configured on your behalf by Akamai Professional Services. This behavior is for internal usage only. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "description": { + Optional: true, + Description: "Human-readable description of what the XML block does.", + Type: schema.TypeString, + }, + "xml": { + Optional: true, + Description: "Akamai XML metadata.", + Type: schema.TypeString, + }, + }, + }, + }, + "aggregated_reporting": { + Optional: true, + Type: schema.TypeList, + Description: "Configure a custom report that collects traffic data. The data is based on one to four variables, such as `sum`, `average`, `min`, and `max`. These aggregation attributes help compile traffic data summaries. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables aggregated reporting.", + Type: schema.TypeBool, + }, + "report_name": { + Optional: true, + Description: "The unique name of the aggregated report within the property. If you reconfigure any attributes or variables in the aggregated reporting behavior, update this field to a unique value to enable logging data in a new instance of the report.", + Type: schema.TypeString, + }, + "attributes_count": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(1, 4)), + Optional: true, + Description: "The number of attributes to include in the report, ranging from 1 to 4.", + Type: schema.TypeInt, + }, + "attribute1": { + Optional: true, + Description: "Specify a previously user-defined variable name as a report attribute. The values extracted for all attributes range from 0 to 20 characters.", + Type: schema.TypeString, + }, + "attribute2": { + Optional: true, + Description: "Specify a previously user-defined variable name as a report attribute. The values extracted for all attributes range from 0 to 20 characters.", + Type: schema.TypeString, + }, + "attribute3": { + Optional: true, + Description: "Specify a previously user-defined variable name as a report attribute. The values extracted for all attributes range from 0 to 20 characters.", + Type: schema.TypeString, + }, + "attribute4": { + Optional: true, + Description: "Specify a previously user-defined variable name as a report attribute. The values extracted for all attributes range from 0 to 20 characters.", + Type: schema.TypeString, + }, + }, + }, + }, + "akamaizer": { + Optional: true, + Type: schema.TypeList, + Description: "This allows you to run regular expression substitutions over web pages. To apply this behavior, you need to match on a `contentType`. Contact Akamai Professional Services for help configuring the Akamaizer. See also the `akamaizerTag` behavior. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Akamaizer behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "akamaizer_tag": { + Optional: true, + Type: schema.TypeList, + Description: "This specifies HTML tags and replacement rules for hostnames used in conjunction with the `akamaizer` behavior. Contact Akamai Professional Services for help configuring the Akamaizer. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_hostname": { + Optional: true, + Description: "Specifies the hostname to match on as a Perl-compatible regular expression.", + Type: schema.TypeString, + }, + "replacement_hostname": { + Optional: true, + Description: "Specifies the replacement hostname for the tag to use.", + Type: schema.TypeString, + }, + "scope": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ATTRIBUTE", "URL_ATTRIBUTE", "BLOCK", "PAGE"}, false)), + Optional: true, + Description: "Specifies the part of HTML content the `tagsAttribute` refers to.", + Type: schema.TypeString, + }, + "tags_attribute": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"A", "A_HREF", "IMG", "IMG_SRC", "SCRIPT", "SCRIPT_SRC", "LINK", "LINK_HREF", "TD", "TD_BACKGROUND", "TABLE", "TABLE_BACKGROUND", "IFRAME", "IFRAME_SRC", "AREA", "AREA_HREF", "BASE", "BASE_HREF", "FORM", "FORM_ACTION"}, false)), + Optional: true, + Description: "Specifies the tag or tag/attribute combination to operate on.", + Type: schema.TypeString, + }, + "replace_all": { + Optional: true, + Description: "Replaces all matches when enabled, otherwise replaces only the first match.", + Type: schema.TypeBool, + }, + "include_tags_attribute": { + Optional: true, + Description: "Whether to include the `tagsAttribute` value.", + Type: schema.TypeBool, + }, + }, + }, + }, + "all_http_in_cache_hierarchy": { + Optional: true, + Type: schema.TypeList, + Description: "Allow all HTTP request methods to be used for the edge's parent servers, useful to implement features such as `Site Shield`, `SureRoute`, and Tiered Distribution. (See the `siteShield`, `sureRoute`, and `tieredDistribution` behaviors.) This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables all HTTP requests for parent servers in the cache hierarchy.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_cloudlets_origins": { + Optional: true, + Type: schema.TypeList, + Description: "Allows Cloudlets Origins to determine the criteria, separately from the Property Manager, under which alternate `origin` definitions are assigned. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows you to assign custom origin definitions referenced in sub-rules by `cloudletsOrigin` labels. If disabled, all sub-rules are ignored.", + Type: schema.TypeBool, + }, + "honor_base_directory": { + Optional: true, + Description: "Prefixes any Cloudlet-generated origin path with a path defined by an Origin Base Path behavior. If no path is defined, it has no effect. If another Cloudlet policy already prepends the same Origin Base Path, the path is not duplicated.", + Type: schema.TypeBool, + }, + "purge_origin_query_parameter": { + ValidateDiagFunc: validateRegexOrVariable("^[^:/?#\\[\\]@&]+$"), + Optional: true, + Description: "When purging content from a Cloudlets Origin, this specifies a query parameter name whose value is the specific named origin to purge. Note that this only applies to content purge requests, for example when using the `Content Control Utility API`.", + Type: schema.TypeString, + }, + }, + }, + }, + "allow_delete": { + Optional: true, + Type: schema.TypeList, + Description: "Allow HTTP requests using the DELETE method. By default, GET, HEAD, and OPTIONS requests are allowed, and all other methods result in a 501 error. Such content does not cache, and any DELETE requests pass to the origin. See also the `allowOptions`, `allowPatch`, `allowPost`, and `allowPut` behaviors. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows DELETE requests. Content does `not` cache.", + Type: schema.TypeBool, + }, + "allow_body": { + Optional: true, + Description: "Allows data in the body of the DELETE request.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_https_cache_key_sharing": { + Optional: true, + Type: schema.TypeList, + Description: "HTTPS cache key sharing allows HTTP requests to be served from an HTTPS cache. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables HTTPS cache key sharing.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_https_downgrade": { + Optional: true, + Type: schema.TypeList, + Description: "Passes HTTPS requests to origin as HTTP. This is useful when incorporating Standard TLS or Akamai's shared certificate delivery security with an origin that serves HTTP traffic. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Downgrades to HTTP protocol for the origin server.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_options": { + Optional: true, + Type: schema.TypeList, + Description: "GET, HEAD, and OPTIONS requests are allowed by default. All other HTTP methods result in a 501 error. For full support of Cross-Origin Resource Sharing (CORS), you need to allow requests that use the OPTIONS method. If you're using the `corsSupport` behavior, do not disable OPTIONS requests. The response to an OPTIONS request is not cached, so the request always goes through the Akamai network to your origin, unless you use the `constructResponse` behavior to send responses directly from the Akamai network. See also the `allowDelete`, `allowPatch`, `allowPost`, and `allowPut` behaviors. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Set this to `true` to reflect the default policy where edge servers allow the OPTIONS method, without caching the response. Set this to `false` to deny OPTIONS requests and respond with a 501 error.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_patch": { + Optional: true, + Type: schema.TypeList, + Description: "Allow HTTP requests using the PATCH method. By default, GET, HEAD, and OPTIONS requests are allowed, and all other methods result in a 501 error. Such content does not cache, and any PATCH requests pass to the origin. See also the `allowDelete`, `allowOptions`, `allowPost`, and `allowPut` behaviors. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows PATCH requests. Content does `not` cache.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_post": { + Optional: true, + Type: schema.TypeList, + Description: "Allow HTTP requests using the POST method. By default, GET, HEAD, and OPTIONS requests are allowed, and POST requests are denied with 403 error. All other methods result in a 501 error. See also the `allowDelete`, `allowOptions`, `allowPatch`, and `allowPut` behaviors. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows POST requests.", + Type: schema.TypeBool, + }, + "allow_without_content_length": { + Optional: true, + Description: "By default, POST requests also require a `Content-Length` header, or they result in a 411 error. With this option enabled with no specified `Content-Length`, the edge server relies on a `Transfer-Encoding` header to chunk the data. If neither header is present, it assumes the request has no body, and it adds a header with a `0` value to the forward request.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_put": { + Optional: true, + Type: schema.TypeList, + Description: "Allow HTTP requests using the PUT method. By default, GET, HEAD, and OPTIONS requests are allowed, and all other methods result in a 501 error. Such content does not cache, and any PUT requests pass to the origin. See also the `allowDelete`, `allowOptions`, `allowPatch`, and `allowPost` behaviors. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows PUT requests. Content does `not` cache.", + Type: schema.TypeBool, + }, + }, + }, + }, + "allow_transfer_encoding": { + Optional: true, + Type: schema.TypeList, + Description: "Controls whether to allow or deny Chunked Transfer Encoding (CTE) requests to pass to your origin. If your origin supports CTE, you should enable this behavior. This behavior also protects against a known issue when pairing `http2` and `webdav` behaviors within the same rule tree, in which case it's required. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows Chunked Transfer Encoding requests.", + Type: schema.TypeBool, + }, + }, + }, + }, + "alt_svc_header": { + Optional: true, + Type: schema.TypeList, + Description: "Sets the maximum age value for the Alternative Services (`Alt-Svc`) header. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "max_age": { + Optional: true, + Description: "Specifies the `max-age` value in seconds for the `Alt-Svc` header. The default `max-age` for an `Alt-Svc` header is 93600 seconds (26 hours).", + Type: schema.TypeInt, + }, + }, + }, + }, + "api_prioritization": { + Optional: true, + Type: schema.TypeList, + Description: "Enables the API Prioritization Cloudlet, which maintains continuity in user experience by serving an alternate static response when load is too high. You can configure rules using either the Cloudlets Policy Manager application or the `Cloudlets API`. Use this feature serve static API content, such as fallback JSON data. To serve non-API HTML content, use the `visitorPrioritization` behavior. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Activates the API Prioritization feature.", + Type: schema.TypeBool, + }, + "is_shared_policy": { + Optional: true, + Description: "Whether you want to apply the Cloudlet shared policy to an unlimited number of properties within your account. Learn more about shared policies and how to create them in `Cloudlets Policy Manager`.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "Identifies the Cloudlet shared policy to use with this behavior. Use the `Cloudlets API` to list available shared policies.", + Type: schema.TypeInt, + }, + "label": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "A label to distinguish this API Prioritization policy from any others in the same property.", + Type: schema.TypeString, + }, + "use_throttled_cp_code": { + Optional: true, + Description: "Specifies whether to apply an alternative CP code for requests served the alternate response.", + Type: schema.TypeBool, + }, + "throttled_cp_code": { + Optional: true, + Description: "Specifies the CP code as an object. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "use_throttled_status_code": { + Optional: true, + Description: "Allows you to assign a specific HTTP response code to a throttled request.", + Type: schema.TypeBool, + }, + "throttled_status_code": { + ValidateDiagFunc: validateRegexOrVariable("^\\d{3}$"), + Optional: true, + Description: "Specifies the HTTP response code for requests that receive the alternate response.", + Type: schema.TypeInt, + }, + "net_storage": { + Optional: true, + Description: "Specify the NetStorage domain that contains the alternate response.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cp_code": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "download_domain_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "g2o_token": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "net_storage_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specify the full NetStorage path for the alternate response, including trailing file name.", + Type: schema.TypeString, + }, + "alternate_response_cache_ttl": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(5, 30)), + Optional: true, + Description: "Specifies the alternate response's time to live in the cache, `5` minutes by default.", + Type: schema.TypeInt, + }, + }, + }, + }, + "application_load_balancer": { + Optional: true, + Type: schema.TypeList, + Description: "Enables the Application Load Balancer Cloudlet, which automates load balancing based on configurable criteria. To configure this behavior, use either the Cloudlets Policy Manager or the `Cloudlets API` to set up a policy. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Activates the Application Load Balancer Cloudlet.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "label": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "A label to distinguish this Application Load Balancer policy from any others within the same property.", + Type: schema.TypeString, + }, + "stickiness_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "stickiness_cookie_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NONE", "NEVER", "ON_BROWSER_CLOSE", "FIXED_DATE", "DURATION", "ORIGIN_SESSION"}, false)), + Optional: true, + Description: "Determines how a cookie persistently associates the client with a load-balanced origin.", + Type: schema.TypeString, + }, + "stickiness_expiration_date": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies when the cookie expires.", + Type: schema.TypeString, + }, + "stickiness_duration": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Sets how long it is before the cookie expires.", + Type: schema.TypeString, + }, + "stickiness_refresh": { + Optional: true, + Description: "Extends the duration of the cookie with each new request. When enabled, the `DURATION` thus specifies the latency between requests that would cause the cookie to expire.", + Type: schema.TypeBool, + }, + "origin_cookie_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the name for your session cookie.", + Type: schema.TypeString, + }, + "specify_stickiness_cookie_domain": { + Optional: true, + Description: "Specifies whether to use a cookie domain with the stickiness cookie, to tell the browser to which domain to send the cookie.", + Type: schema.TypeBool, + }, + "stickiness_cookie_domain": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specifies the domain to track the stickiness cookie.", + Type: schema.TypeString, + }, + "stickiness_cookie_automatic_salt": { + Optional: true, + Description: "Sets whether to assign a `salt` value automatically to the cookie to prevent manipulation by the user. You should not enable this if sharing the population cookie across more than one property.", + Type: schema.TypeBool, + }, + "stickiness_cookie_salt": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the stickiness cookie's salt value. Use this option to share the cookie across many properties.", + Type: schema.TypeString, + }, + "stickiness_cookie_set_http_only_flag": { + Optional: true, + Description: "Ensures the cookie is transmitted only over HTTP.", + Type: schema.TypeBool, + }, + "all_down_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "all_down_net_storage": { + Optional: true, + Description: "Specifies a NetStorage account for a static maintenance page as a fallback when no origins are available.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cp_code": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "download_domain_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "g2o_token": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "all_down_net_storage_file": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies the fallback maintenance page's filename, expressed as a full path from the root of the NetStorage server.", + Type: schema.TypeString, + }, + "all_down_status_code": { + ValidateDiagFunc: validateRegexOrVariable("^\\d{3}$"), + Optional: true, + Description: "Specifies the HTTP response code when all load-balancing origins are unavailable.", + Type: schema.TypeString, + }, + "failover_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "failover_status_codes": { + Optional: true, + Description: "Specifies a set of HTTP status codes that signal a failure on the origin, in which case the cookie that binds the client to that origin is invalidated and the client is rerouted to another available origin.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "failover_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"AUTOMATIC", "MANUAL", "DISABLED"}, false)), + Optional: true, + Description: "Determines what to do if an origin fails.", + Type: schema.TypeString, + }, + "failover_origin_map": { + Optional: true, + Description: "Specifies a fixed set of failover mapping rules.", + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "from_origin_id": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-\\.]+$"), + Optional: true, + Description: "Specifies the origin whose failure triggers the mapping rule.", + Type: schema.TypeString, + }, + "to_origin_ids": { + Optional: true, + Description: "Requests stuck to the `fromOriginId` origin retry for each alternate origin `toOriginIds`, until one succeeds.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "failover_attempts_threshold": { + Optional: true, + Description: "Sets the number of failed requests that would trigger the failover process.", + Type: schema.TypeInt, + }, + "cached_content_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "allow_cache_prefresh": { + Optional: true, + Description: "Allows the cache to prefresh. Only appropriate if all origins serve the same content for the same URL.", + Type: schema.TypeBool, + }, + }, + }, + }, + "audience_segmentation": { + Optional: true, + Type: schema.TypeList, + Description: "Allows you to divide your users into different segments based on a persistent cookie. You can configure rules using either the Cloudlets Policy Manager application or the `Cloudlets API`. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Audience Segmentation cloudlet feature.", + Type: schema.TypeBool, + }, + "is_shared_policy": { + Optional: true, + Description: "Whether you want to use a shared policy for a Cloudlet. Learn more about shared policies and how to create them in `Cloudlets Policy Manager`.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "This identifies the Cloudlet shared policy to use with this behavior. You can list available shared policies with the `Cloudlets API`.", + Type: schema.TypeInt, + }, + "label": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies a suffix to append to the cookie name. This helps distinguish this audience segmentation policy from any others within the same property.", + Type: schema.TypeString, + }, + "segment_tracking_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "segment_tracking_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IN_QUERY_PARAM", "IN_COOKIE_HEADER", "IN_CUSTOM_HEADER", "NONE"}, false)), + Optional: true, + Description: "Specifies the method to pass segment information to the origin. The Cloudlet passes the rule applied to a given request location.", + Type: schema.TypeString, + }, + "segment_tracking_query_param": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "This query parameter specifies the name of the segmentation rule.", + Type: schema.TypeString, + }, + "segment_tracking_cookie_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "This cookie name specifies the name of the segmentation rule.", + Type: schema.TypeString, + }, + "segment_tracking_custom_header": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "This custom HTTP header specifies the name of the segmentation rule.", + Type: schema.TypeString, + }, + "population_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "population_cookie_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NEVER", "ON_BROWSER_CLOSE", "DURATION"}, false)), + Optional: true, + Description: "Specifies when the segmentation cookie expires.", + Type: schema.TypeString, + }, + "population_duration": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the lifetime of the segmentation cookie.", + Type: schema.TypeString, + }, + "population_refresh": { + Optional: true, + Description: "If disabled, sets the expiration time only if the cookie is not yet present in the request.", + Type: schema.TypeBool, + }, + "specify_population_cookie_domain": { + Optional: true, + Description: "Whether to specify a cookie domain with the population cookie. It tells the browser to which domain to send the cookie.", + Type: schema.TypeBool, + }, + "population_cookie_domain": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specifies the domain to track the population cookie.", + Type: schema.TypeString, + }, + "population_cookie_automatic_salt": { + Optional: true, + Description: "Whether to assign a `salt` value automatically to the cookie to prevent manipulation by the user. You should not enable if sharing the population cookie across more than one property.", + Type: schema.TypeBool, + }, + "population_cookie_salt": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the cookie's salt value. Use this option to share the cookie across many properties.", + Type: schema.TypeString, + }, + "population_cookie_include_rule_name": { + Optional: true, + Description: "When enabled, includes in the session cookie the name of the rule in which this behavior appears.", + Type: schema.TypeBool, + }, + }, + }, + }, + "auto_domain_validation": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior allows standard TLS domain validated certificates to renew automatically. Apply it after using the `Certificate Provisioning System` to request a certificate for a hostname. To provision certificates programmatically, see the `Certificate Provisioning System API`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "autodv": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "base_directory": { + Optional: true, + Type: schema.TypeList, + Description: "Prefix URLs sent to the origin with a base path. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^/([^:#\\[\\]@/?]+/)*$"), + Optional: true, + Description: "Specifies the base path of content on your origin server. The value needs to begin and end with a slash (`/`) character, for example `/parent/child/`.", + Type: schema.TypeString, + }, + }, + }, + }, + "boss_beaconing": { + Optional: true, + Type: schema.TypeList, + Description: "Triggers diagnostic data beacons for use with BOSS, Akamai's monitoring and diagnostics system. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enable diagnostic data beacons.", + Type: schema.TypeBool, + }, + "cpcodes": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9 ]*$"), + Optional: true, + Description: "The space-separated list of CP codes that trigger the beacons. You need to specify the same set of CP codes within BOSS.", + Type: schema.TypeString, + }, + "request_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"EDGE", "EDGE_MIDGRESS"}, false)), + Optional: true, + Description: "Specify when to trigger a beacon.", + Type: schema.TypeString, + }, + "forward_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"MIDGRESS", "ORIGIN", "MIDGRESS_ORIGIN"}, false)), + Optional: true, + Description: "Specify when to trigger a beacon.", + Type: schema.TypeString, + }, + "sampling_frequency": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SAMPLING_FREQ_0_0", "SAMPLING_FREQ_0_1"}, false)), + Optional: true, + Description: "Specifies a sampling frequency or disables beacons.", + Type: schema.TypeString, + }, + "conditional_sampling_frequency": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CONDITIONAL_SAMPLING_FREQ_0_0", "CONDITIONAL_SAMPLING_FREQ_0_1", "CONDITIONAL_SAMPLING_FREQ_0_2", "CONDITIONAL_SAMPLING_FREQ_0_3"}, false)), + Optional: true, + Description: "Specifies a conditional sampling frequency or disables beacons.", + Type: schema.TypeString, + }, + "conditional_http_status": { + Optional: true, + Description: "Specifies the set of response status codes or ranges that trigger the beacon.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "conditional_error_pattern": { + Optional: true, + Description: "A space-separated set of error patterns that trigger beacons to conditional feeds. Each pattern can include wildcards, where `?` matches a single character and `*` matches zero or more characters. For example, `*CONNECT* *DENIED*` matches two different words as substrings.", + Type: schema.TypeString, + }, + }, + }, + }, + "breadcrumbs": { + Optional: true, + Type: schema.TypeList, + Description: "Provides per-HTTP transaction visibility into a request for content, regardless of how deep the request goes into the Akamai platform. The `Akamai-Request-BC` response header includes various data, such as network health and the location in the Akamai network used to serve content, which simplifies log review for troubleshooting. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Breadcrumbs feature.", + Type: schema.TypeBool, + }, + "opt_mode": { + Optional: true, + Description: "Specifies whether to include Breadcrumbs data in the response header. To bypass the current `optMode`, append the opposite `ak-bc` query string to each request from your player.", + Type: schema.TypeBool, + }, + "logging_enabled": { + Optional: true, + Description: "Whether to collect all Breadcrumbs data in logs, including the response headers sent a requesting client. This can also be helpful if you're using `DataStream 2` to retrieve log data. This way, all Breadcrumbs data is carried in the logs it uses.", + Type: schema.TypeBool, + }, + }, + }, + }, + "break_connection": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior simulates an origin connection problem, typically to test an accompanying `failAction` policy. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the break connection behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "brotli": { + Optional: true, + Type: schema.TypeList, + Description: "Accesses Brotli-compressed assets from your origin and caches them on edge servers. This doesn't compress resources within the content delivery network in real time. You need to set up Brotli compression separately on your origin. If a requesting client doesn't support Brotli, edge servers deliver non-Brotli resources. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Fetches Brotli-compressed assets from your origin and caches them on edge servers.", + Type: schema.TypeBool, + }, + }, + }, + }, + "cache_error": { + Optional: true, + Type: schema.TypeList, + Description: "Caches the origin's error responses to decrease server load. Applies for 10 seconds by default to the following HTTP codes: `204`, `305`, `404`, `405`, `501`, `502`, `503`, `504`, and `505`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Activates the error-caching behavior.", + Type: schema.TypeBool, + }, + "ttl": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Overrides the default caching duration of `10s`. Note that if set to `0`, it is equivalent to `no-cache`, which forces revalidation and may cause a traffic spike. This can be counterproductive when, for example, the origin is producing an error code of `500`.", + Type: schema.TypeString, + }, + "preserve_stale": { + Optional: true, + Description: "When enabled, the edge server preserves stale cached objects when the origin returns `500`, `502`, `503`, and `504` error codes. This avoids re-fetching and re-caching content after transient errors.", + Type: schema.TypeBool, + }, + }, + }, + }, + "cache_id": { + Optional: true, + Type: schema.TypeList, + Description: "Controls which query parameters, headers, and cookies are included in or excluded from the cache key identifier. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "rule": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"INCLUDE_QUERY_PARAMS", "INCLUDE_COOKIES", "INCLUDE_HEADERS", "EXCLUDE_QUERY_PARAMS", "INCLUDE_ALL_QUERY_PARAMS", "INCLUDE_VARIABLE", "INCLUDE_URL"}, false)), + Optional: true, + Description: "Specifies how to modify the cache ID.", + Type: schema.TypeString, + }, + "include_value": { + Optional: true, + Description: "Includes the value of the specified elements in the cache ID. Otherwise only their names are included.", + Type: schema.TypeBool, + }, + "optional": { + Optional: true, + Description: "Requires the behavior's specified elements to be present for content to cache. When disabled, requests that lack the specified elements are still cached.", + Type: schema.TypeBool, + }, + "elements": { + Optional: true, + Description: "Specifies the names of the query parameters, cookies, or headers to include or exclude from the cache ID.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "variable_name": { + Optional: true, + Description: "Specifies the name of the variable you want to include in the cache key.", + Type: schema.TypeString, + }, + }, + }, + }, + "cache_key_ignore_case": { + Optional: true, + Type: schema.TypeList, + Description: "By default, cache keys are generated under the assumption that path and filename components are case-sensitive, so that `File.html` and `file.html` use separate cache keys. Enabling this behavior forces URL components whose case varies to resolve to the same cache key. Enable this behavior if your origin server is already case-insensitive, such as those based on Microsoft IIS. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Ignores case when forming cache keys.", + Type: schema.TypeBool, + }, + }, + }, + }, + "cache_key_query_params": { + Optional: true, + Type: schema.TypeList, + Description: "By default, cache keys are formed as URLs with full query strings. This behavior allows you to consolidate cached objects based on specified sets of query parameters. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"INCLUDE_ALL_PRESERVE_ORDER", "INCLUDE_ALL_ALPHABETIZE_ORDER", "IGNORE_ALL", "INCLUDE", "IGNORE"}, false)), + Optional: true, + Description: "Configures how sets of query string parameters translate to cache keys. Be careful not to ignore any parameters that result in substantially different content, as it is `not` reflected in the cached object.", + Type: schema.TypeString, + }, + "parameters": { + Optional: true, + Description: "Specifies the set of parameter field names to include in or exclude from the cache key. By default, these match the field names as string prefixes.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "exact_match": { + Optional: true, + Description: "When enabled, `parameters` needs to match exactly. Keep disabled to match string prefixes.", + Type: schema.TypeBool, + }, + }, + }, + }, + "cache_key_rewrite": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior rewrites a default cache key's path. Contact Akamai Professional Services for help configuring it. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "purge_key": { + ValidateDiagFunc: validateRegexOrVariable("^[\\w-]+$"), + Optional: true, + Description: "Specifies the new cache key path as an alphanumeric value.", + Type: schema.TypeString, + }, + }, + }, + }, + "cache_post": { + Optional: true, + Type: schema.TypeList, + Description: "By default, POST requests are passed to the origin. This behavior overrides the default, and allows you to cache POST responses. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables caching of POST responses.", + Type: schema.TypeBool, + }, + "use_body": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IGNORE", "MD5", "QUERY"}, false)), + Optional: true, + Description: "Define how and whether to use the POST message body as a cache key.", + Type: schema.TypeString, + }, + }, + }, + }, + "cache_redirect": { + Optional: true, + Type: schema.TypeList, + Description: "Controls the caching of HTTP 302 and 307 temporary redirects. By default, Akamai edge servers don't cache them. Enabling this behavior instructs edge servers to allow these redirects to be cached the same as HTTP 200 responses. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the redirect caching behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "cache_tag": { + Optional: true, + Type: schema.TypeList, + Description: "This adds a cache tag to the requested object. With cache tags, you can flexibly fast purge tagged segments of your cached content. You can either define these tags with an `Edge-Cache-Tag` header at the origin server level, or use this behavior to directly add a cache tag to the object as the edge server caches it. The `cacheTag` behavior can only take a single value, including a variable. If you want to specify more tags for an object, add a few instances of this behavior to your configuration. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "tag": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9\\&\\'\\^\\-\\$\\!\\`\\#\\%\\.\\+\\~\\_\\|\\/]+$"), + Optional: true, + Description: "Specifies the cache tag you want to add to your cached content. A cache tag is only added when the object is first added to cache. A single cache tag can't exceed 128 characters and can only include alphanumeric characters, plus this class of characters: ```[!#$%'+./^_`|~-]```", + Type: schema.TypeString, + }, + }, + }, + }, + "cache_tag_visible": { + Optional: true, + Type: schema.TypeList, + Description: "Cache tags are comma-separated string values you define within an `Edge-Cache-Tag` header. You can use them to flexibly fast purge tagged segments of your cached content. You can either define these headers at the origin server level, or use the `modifyOutgoingResponseHeader` behavior to configure them at the edge. Apply this behavior to confirm you're deploying the intended set of cache tags to your content. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NEVER", "PRAGMA_HEADER", "ALWAYS"}, false)), + Optional: true, + Description: "Specifies when to include the `Edge-Cache-Tag` in responses.", + Type: schema.TypeString, + }, + }, + }, + }, + "caching": { + Optional: true, + Type: schema.TypeList, + Description: "Control content caching on edge servers: whether or not to cache, whether to honor the origin's caching headers, and for how long to cache. Note that any `NO_STORE` or `BYPASS_CACHE` HTTP headers set on the origin's content override this behavior. For more details on how caching works in Property Manager, see the `Learn about caching` section in the guide. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"MAX_AGE", "NO_STORE", "BYPASS_CACHE", "CACHE_CONTROL_AND_EXPIRES", "CACHE_CONTROL", "EXPIRES"}, false)), + Optional: true, + Description: "Specify the caching option.", + Type: schema.TypeString, + }, + "must_revalidate": { + Optional: true, + Description: "Determines what to do once the cached content has expired, by which time the Akamai platform should have re-fetched and validated content from the origin. If enabled, only allows the re-fetched content to be served. If disabled, may serve stale content if the origin is unavailable.", + Type: schema.TypeBool, + }, + "ttl": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "The maximum time content may remain cached. Setting the value to `0` is the same as setting a `no-cache` header, which forces content to revalidate.", + Type: schema.TypeString, + }, + "default_ttl": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Set the `MAX_AGE` header for the cached content.", + Type: schema.TypeString, + }, + "cache_control_directives": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enhanced_rfc_support": { + Optional: true, + Description: "This enables honoring particular `Cache-Control` header directives from the origin. Supports all official `RFC 7234` directives except for `no-transform`.", + Type: schema.TypeBool, + }, + "cacheability_settings": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "honor_no_store": { + Optional: true, + Description: "Instructs edge servers not to cache the response when the origin response includes the `no-store` directive.", + Type: schema.TypeBool, + }, + "honor_private": { + Optional: true, + Description: "Instructs edge servers not to cache the response when the origin response includes the `private` directive.", + Type: schema.TypeBool, + }, + "honor_no_cache": { + Optional: true, + Description: "With the `no-cache` directive present in the response, this instructs edge servers to validate or refetch the response for each request. Effectively, set the time to live `ttl` to zero seconds.", + Type: schema.TypeBool, + }, + "expiration_settings": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "honor_max_age": { + Optional: true, + Description: "This instructs edge servers to cache the object for a length of time set by the `max-age` directive in the response. When present in the origin response, this directive takes precedence over the `max-age` directive and the `defaultTtl` setting.", + Type: schema.TypeBool, + }, + "honor_s_maxage": { + Optional: true, + Description: "Instructs edge servers to cache the object for a length of time set by the `s-maxage` directive in the response. When present in the origin response, this directive takes precedence over the `max-age` directive and the `defaultTtl` setting.", + Type: schema.TypeBool, + }, + "revalidation_settings": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "honor_must_revalidate": { + Optional: true, + Description: "This instructs edge servers to successfully revalidate with the origin server before using stale objects in the cache to satisfy new requests.", + Type: schema.TypeBool, + }, + "honor_proxy_revalidate": { + Optional: true, + Description: "With the `proxy-revalidate` directive present in the response, this instructs edge servers to successfully revalidate with the origin server before using stale objects in the cache to satisfy new requests.", + Type: schema.TypeBool, + }, + }, + }, + }, + "central_authorization": { + Optional: true, + Type: schema.TypeList, + Description: "Forward client requests to the origin server for authorization, along with optional `Set-Cookie` headers, useful when you need to maintain tight access control. The edge server forwards an `If-Modified-Since` header, to which the origin needs to respond with a `304` (Not-Modified) HTTP status when authorization succeeds. If so, the edge server responds to the client with the cached object, since it does not need to be re-acquired from the origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the centralized authorization behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "chase_redirects": { + Optional: true, + Type: schema.TypeList, + Description: "Controls whether the edge server chases any redirects served from the origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows edge servers to chase redirects.", + Type: schema.TypeBool, + }, + "limit": { + Optional: true, + Description: "Specifies, as a string, the maximum number of redirects to follow.", + Type: schema.TypeString, + }, + "serve404": { + Optional: true, + Description: "Once the redirect `limit` is reached, enabling this option serves an HTTP `404` (Not Found) error instead of the last redirect.", + Type: schema.TypeBool, + }, + }, + }, + }, + "client_certificate_auth": { + Optional: true, + Type: schema.TypeList, + Description: "Sends a `Client-To-Edge` header to your origin server with details from the mutual TLS certificate sent from the requesting client to the edge network. This establishes transitive trust between the client and your origin server. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable": { + Optional: true, + Description: "Constructs the `Client-To-Edge` authentication header using information from the client to edge mTLS handshake and forwards it to your origin. You can configure your origin to acknowledge the header to enable transitive trust. Some form of the client x.509 certificate needs to be included in the header. You can include the full certificate or specific attributes.", + Type: schema.TypeBool, + }, + "enable_complete_client_certificate": { + Optional: true, + Description: "Whether to include the complete client certificate in the header, in its binary (DER) format. DER-formatted certificates leave out the `BEGIN CERTIFICATE/END CERTIFICATE` statements and most often use the `.der` extension. Alternatively, you can specify individual `clientCertificateAttributes` you want included in the request.", + Type: schema.TypeBool, + }, + "client_certificate_attributes": { + Optional: true, + Description: "Specify client certificate attributes to include in the `Client-To-Edge` authentication header that's sent to your origin server.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "enable_client_certificate_validation_status": { + Optional: true, + Description: "Whether to include the current validation status of the client certificate in the `Client-To-Edge` authentication header. This verifies the validation status of the certificate, regardless of the certificate attributes you're including in the header.", + Type: schema.TypeBool, + }, + }, + }, + }, + "client_characteristics": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the client ecosystem. Akamai uses this information to optimize your metadata configuration, which may result in better end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "country": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"GLOBAL", "GLOBAL_US_CENTRIC", "GLOBAL_EU_CENTRIC", "GLOBAL_ASIA_CENTRIC", "EUROPE", "NORTH_AMERICA", "SOUTH_AMERICA", "NORDICS", "ASIA_PACIFIC", "AUSTRALIA", "GERMANY", "INDIA", "ITALY", "JAPAN", "TAIWAN", "UNITED_KINGDOM", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Specifies the client request's geographic region.", + Type: schema.TypeString, + }, + }, + }, + }, + "cloud_interconnects": { + Optional: true, + Type: schema.TypeList, + Description: "Cloud Interconnects forwards traffic from edge servers to your cloud origin through Private Network Interconnects (PNIs), helping to reduce the egress costs at the origin. Supports origins hosted by Google Cloud Provider (GCP). This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Channels the traffic to maximize the egress discount at the origin.", + Type: schema.TypeBool, + }, + "cloud_locations": { + Optional: true, + Description: "Specifies the geographical locations of your cloud origin. You should enable Cloud Interconnects only if your origin is in one of these locations, since GCP doesn't provide a discount for egress traffic for any other regions.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "cloud_wrapper": { + Optional: true, + Type: schema.TypeList, + Description: "`Cloud Wrapper` maximizes origin offload for large libraries of video, game, and software downloads by optimizing data caches in regions nearest to your origin. You can't use this behavior in conjunction with `sureRoute` or `tieredDistribution`. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables Cloud Wrapper behavior.", + Type: schema.TypeBool, + }, + "location": { + Optional: true, + Description: "The location you want to distribute your Cloud Wrapper cache space to. This behavior allows all locations configured in your Cloud Wrapper configuration.", + Type: schema.TypeString, + }, + }, + }, + }, + "cloud_wrapper_advanced": { + Optional: true, + Type: schema.TypeList, + Description: "Your account representative uses this behavior to implement a customized failover configuration on your behalf. Use Cloud Wrapper Advanced with an enabled `cloudWrapper` behavior in the same rule. This behavior is for internal usage only. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables failover for Cloud Wrapper.", + Type: schema.TypeBool, + }, + "failover_map": { + Optional: true, + Description: "Specifies the failover map to handle Cloud Wrapper failures. Contact your account representative for more information.", + Type: schema.TypeString, + }, + "custom_failover_map": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z][a-zA-Z0-9-]*$"), + Optional: true, + Description: "Specifies the custom failover map to handle Cloud Wrapper failures. Contact your account representative for more information.", + Type: schema.TypeString, + }, + }, + }, + }, + "common_media_client_data": { + Optional: true, + Type: schema.TypeList, + Description: "Use this behavior to send expanded playback information as CMCD metadata in requests from a media player. Edge servers may use this metadata for segment prefetching to optimize your content's delivery, or for logging. For more details and additional property requirements, see the `Adaptive Media Delivery` documentation. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable_cmcd_segment_prefetch": { + Optional: true, + Description: "Uses Common Media Client Data (CMCD) metadata to determine the segment URLs your origin server prefetches to speed up content delivery.", + Type: schema.TypeBool, + }, + }, + }, + }, + "conditional_origin": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "origin_id": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-\\.]+$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "construct_response": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior constructs an HTTP response, complete with HTTP status code and body, to serve from the edge independently of your origin. For example, you might want to send a customized response if the URL doesn't point to an object on the origin server, or if the end user is not authorized to view the requested content. You can use it with all request methods you allow for your property, including POST. For more details, see the `allowOptions`, `allowPatch`, `allowPost`, `allowPut`, and `allowDelete` behaviors. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Serves the custom response.", + Type: schema.TypeBool, + }, + "body": { + Optional: true, + Description: "HTML response of up to 2000 characters to send to the end-user client.", + Type: schema.TypeString, + }, + "response_code": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{200, 404, 401, 403, 405, 417, 500, 501, 502, 503, 504})), + Optional: true, + Description: "The HTTP response code to send to the end-user client.", + Type: schema.TypeInt, + }, + "force_eviction": { + Optional: true, + Description: "For GET requests from clients, this forces edge servers to evict the underlying object from cache. Defaults to `false`.", + Type: schema.TypeBool, + }, + "ignore_purge": { + Optional: true, + Description: "Whether to ignore the custom response when purging.", + Type: schema.TypeBool, + }, + }, + }, + }, + "content_characteristics": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the delivered content. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "object_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the size of the object retrieved from the origin.", + Type: schema.TypeString, + }, + "popularity_distribution": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LONG_TAIL", "ALL_POPULAR", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the content's expected popularity.", + Type: schema.TypeString, + }, + "catalog_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SMALL", "MEDIUM", "LARGE", "EXTRA_LARGE", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the total size of the content library delivered.", + Type: schema.TypeString, + }, + "content_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"USER_GENERATED", "WEB_OBJECTS", "SOFTWARE", "IMAGES", "OTHER_OBJECTS", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the type of content.", + Type: schema.TypeString, + }, + }, + }, + }, + "content_characteristics_amd": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the delivered content. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "catalog_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SMALL", "MEDIUM", "LARGE", "EXTRA_LARGE", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the total size of the content library delivered.", + Type: schema.TypeString, + }, + "content_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SD", "HD", "ULTRA_HD", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the quality of media content.", + Type: schema.TypeString, + }, + "popularity_distribution": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LONG_TAIL", "ALL_POPULAR", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the content's expected popularity.", + Type: schema.TypeString, + }, + "hls": { + Optional: true, + Description: "Enable delivery of HLS media.", + Type: schema.TypeBool, + }, + "segment_duration_hls": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S", "OTHER"}, false)), + Optional: true, + Description: "Specifies the duration of individual segments.", + Type: schema.TypeString, + }, + "segment_duration_hls_custom": { + Optional: true, + Description: "Customizes the number of seconds for the segment.", + Type: schema.TypeFloat, + }, + "segment_size_hls": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "hds": { + Optional: true, + Description: "Enable delivery of HDS media.", + Type: schema.TypeBool, + }, + "segment_duration_hds": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S", "OTHER"}, false)), + Optional: true, + Description: "Specifies the duration of individual fragments.", + Type: schema.TypeString, + }, + "segment_duration_hds_custom": { + Optional: true, + Description: "Customizes the number of seconds for the fragment.", + Type: schema.TypeInt, + }, + "segment_size_hds": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "dash": { + Optional: true, + Description: "Enable delivery of DASH media.", + Type: schema.TypeBool, + }, + "segment_duration_dash": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S", "OTHER"}, false)), + Optional: true, + Description: "Specifies the duration of individual segments.", + Type: schema.TypeString, + }, + "segment_duration_dash_custom": { + Optional: true, + Description: "Customizes the number of seconds for the segment.", + Type: schema.TypeInt, + }, + "segment_size_dash": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "smooth": { + Optional: true, + Description: "Enable delivery of Smooth media.", + Type: schema.TypeBool, + }, + "segment_duration_smooth": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S", "OTHER"}, false)), + Optional: true, + Description: "Specifies the duration of individual fragments.", + Type: schema.TypeString, + }, + "segment_duration_smooth_custom": { + Optional: true, + Description: "Customizes the number of seconds for the fragment.", + Type: schema.TypeFloat, + }, + "segment_size_smooth": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + }, + }, + }, + "content_characteristics_dd": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the delivered content. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "object_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the size of the object retrieved from the origin.", + Type: schema.TypeString, + }, + "popularity_distribution": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LONG_TAIL", "ALL_POPULAR", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the content's expected popularity.", + Type: schema.TypeString, + }, + "catalog_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SMALL", "MEDIUM", "LARGE", "EXTRA_LARGE", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the total size of the content library delivered.", + Type: schema.TypeString, + }, + "content_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"VIDEO", "SOFTWARE", "SOFTWARE_PATCH", "GAME", "GAME_PATCH", "OTHER_DOWNLOADS", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the type of content.", + Type: schema.TypeString, + }, + "optimize_option": { + Optional: true, + Description: "Optimizes the delivery throughput and download times for large files.", + Type: schema.TypeBool, + }, + }, + }, + }, + "content_characteristics_wsd_large_file": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the delivered content, specifically targeted to delivering large files. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "object_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the size of the object retrieved from the origin.", + Type: schema.TypeString, + }, + "popularity_distribution": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LONG_TAIL", "ALL_POPULAR", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the content's expected popularity.", + Type: schema.TypeString, + }, + "catalog_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SMALL", "MEDIUM", "LARGE", "EXTRA_LARGE", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the total size of the content library delivered.", + Type: schema.TypeString, + }, + "content_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"VIDEO", "SOFTWARE", "SOFTWARE_PATCH", "GAME", "GAME_PATCH", "OTHER_DOWNLOADS", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the type of content.", + Type: schema.TypeString, + }, + }, + }, + }, + "content_characteristics_wsd_live": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the delivered content, specifically targeted to delivering live video. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "catalog_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SMALL", "MEDIUM", "LARGE", "EXTRA_LARGE", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the total size of the content library delivered.", + Type: schema.TypeString, + }, + "content_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SD", "HD", "ULTRA_HD", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the quality of media content.", + Type: schema.TypeString, + }, + "popularity_distribution": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LONG_TAIL", "ALL_POPULAR", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the content's expected popularity.", + Type: schema.TypeString, + }, + "hls": { + Optional: true, + Description: "Enable delivery of HLS media.", + Type: schema.TypeBool, + }, + "segment_duration_hls": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual segments.", + Type: schema.TypeString, + }, + "segment_size_hls": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "hds": { + Optional: true, + Description: "Enable delivery of HDS media.", + Type: schema.TypeBool, + }, + "segment_duration_hds": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual fragments.", + Type: schema.TypeString, + }, + "segment_size_hds": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "dash": { + Optional: true, + Description: "Enable delivery of DASH media.", + Type: schema.TypeBool, + }, + "segment_duration_dash": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual segments.", + Type: schema.TypeString, + }, + "segment_size_dash": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "smooth": { + Optional: true, + Description: "Enable delivery of Smooth media.", + Type: schema.TypeBool, + }, + "segment_duration_smooth": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual fragments.", + Type: schema.TypeString, + }, + "segment_size_smooth": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + }, + }, + }, + "content_characteristics_wsd_vod": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the delivered content, specifically targeted to delivering on-demand video. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "catalog_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SMALL", "MEDIUM", "LARGE", "EXTRA_LARGE", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the total size of the content library delivered.", + Type: schema.TypeString, + }, + "content_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SD", "HD", "ULTRA_HD", "OTHER", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the quality of media content.", + Type: schema.TypeString, + }, + "popularity_distribution": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LONG_TAIL", "ALL_POPULAR", "UNKNOWN"}, false)), + Optional: true, + Description: "Optimize based on the content's expected popularity.", + Type: schema.TypeString, + }, + "hls": { + Optional: true, + Description: "Enable delivery of HLS media.", + Type: schema.TypeBool, + }, + "segment_duration_hls": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual segments.", + Type: schema.TypeString, + }, + "segment_size_hls": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "hds": { + Optional: true, + Description: "Enable delivery of HDS media.", + Type: schema.TypeBool, + }, + "segment_duration_hds": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual fragments.", + Type: schema.TypeString, + }, + "segment_size_hds": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "dash": { + Optional: true, + Description: "Enable delivery of DASH media.", + Type: schema.TypeBool, + }, + "segment_duration_dash": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual segments.", + Type: schema.TypeString, + }, + "segment_size_dash": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + "smooth": { + Optional: true, + Description: "Enable delivery of Smooth media.", + Type: schema.TypeBool, + }, + "segment_duration_smooth": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SEGMENT_DURATION_2S", "SEGMENT_DURATION_4S", "SEGMENT_DURATION_6S", "SEGMENT_DURATION_8S", "SEGMENT_DURATION_10S"}, false)), + Optional: true, + Description: "Specifies the duration of individual fragments.", + Type: schema.TypeString, + }, + "segment_size_smooth": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "ONE_MB_TO_TEN_MB", "TEN_MB_TO_100_MB", "GREATER_THAN_100MB", "UNKNOWN", "OTHER"}, false)), + Optional: true, + Description: "Specifies the size of the media object retrieved from the origin.", + Type: schema.TypeString, + }, + }, + }, + }, + "content_pre_position": { + Optional: true, + Type: schema.TypeList, + Description: "Content Preposition. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Content PrePosition behavior.", + Type: schema.TypeBool, + }, + "source_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ORIGIN"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "targets": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLOUDWRAPPER"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "first_location": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "second_location": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "content_targeting_protection": { + Optional: true, + Type: schema.TypeList, + Description: "Content Targeting is based on `EdgeScape`, Akamai's location-based access control system. You can use it to allow or deny access to a set of geographic regions or IP addresses. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Content Targeting feature.", + Type: schema.TypeBool, + }, + "geo_protection_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_geo_protection": { + Optional: true, + Description: "When enabled, verifies IP addresses are unique to specific geographic regions.", + Type: schema.TypeBool, + }, + "geo_protection_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY"}, false)), + Optional: true, + Description: "Specifies how to handle requests.", + Type: schema.TypeString, + }, + "countries": { + Optional: true, + Description: "Specifies a set of two-character ISO 3166 country codes from which to allow or deny traffic. See `EdgeScape Data Codes` for a list.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "regions": { + Optional: true, + Description: "Specifies a set of ISO 3166-2 regional codes from which to allow or deny traffic. See `EdgeScape Data Codes` for a list.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "dmas": { + Optional: true, + Description: "Specifies the set of Designated Market Area codes from which to allow or deny traffic. See `EdgeScape Data Codes` for a list.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "override_ip_addresses": { + Optional: true, + Description: "Specify a set of IP addresses or CIDR blocks that exceptions to the set of included or excluded areas.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "enable_geo_redirect_on_deny": { + Optional: true, + Description: "When enabled, redirects denied requests rather than responding with an error code.", + Type: schema.TypeBool, + }, + "geo_redirect_url": { + Optional: true, + Description: "This specifies the full URL to the redirect page for denied requests.", + Type: schema.TypeString, + }, + "ip_protection_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_ip_protection": { + Optional: true, + Description: "Allows you to control access to your content from specific sets of IP addresses and CIDR blocks.", + Type: schema.TypeBool, + }, + "ip_protection_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY"}, false)), + Optional: true, + Description: "Specifies how to handle requests.", + Type: schema.TypeString, + }, + "ip_addresses": { + Optional: true, + Description: "Specify a set of IP addresses or CIDR blocks to allow or deny.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "enable_ip_redirect_on_deny": { + Optional: true, + Description: "When enabled, redirects denied requests rather than responding with an error code.", + Type: schema.TypeBool, + }, + "ip_redirect_url": { + Optional: true, + Description: "This specifies the full URL to the redirect page for denied requests.", + Type: schema.TypeString, + }, + "referrer_protection_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_referrer_protection": { + Optional: true, + Description: "Allows you allow traffic from certain referring websites, and disallow traffic from unauthorized sites that hijack those links.", + Type: schema.TypeBool, + }, + "referrer_protection_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY"}, false)), + Optional: true, + Description: "Specify the action to take.", + Type: schema.TypeString, + }, + "referrer_domains": { + Optional: true, + Description: "Specifies the set of domains from which to allow or deny traffic.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "enable_referrer_redirect_on_deny": { + Optional: true, + Description: "When enabled, redirects denied requests rather than responding with an error code.", + Type: schema.TypeBool, + }, + "referrer_redirect_url": { + Optional: true, + Description: "This specifies the full URL to the redirect page for denied requests.", + Type: schema.TypeString, + }, + }, + }, + }, + "cors_support": { + Optional: true, + Type: schema.TypeList, + Description: "Cross-origin resource sharing (CORS) allows web pages in one domain to access restricted resources from your domain. Specify external origin hostnames, methods, and headers that you want to accept via HTTP response headers. Full support of CORS requires allowing requests that use the OPTIONS method. See `allowOptions`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables CORS feature.", + Type: schema.TypeBool, + }, + "allow_origins": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ANY", "SPECIFIED"}, false)), + Optional: true, + Description: "In responses to preflight requests, sets which origin hostnames to accept requests from.", + Type: schema.TypeString, + }, + "origins": { + Optional: true, + Description: "Defines the origin hostnames to accept requests from. The hostnames that you enter need to start with `http` or `https`. For detailed hostname syntax requirements, refer to RFC-952 and RFC-1123 specifications.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "allow_credentials": { + Optional: true, + Description: "Accepts requests made using credentials, like cookies or TLS client certificates.", + Type: schema.TypeBool, + }, + "allow_headers": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ANY", "SPECIFIED"}, false)), + Optional: true, + Description: "In responses to preflight requests, defines which headers to allow when making the actual request.", + Type: schema.TypeString, + }, + "headers": { + Optional: true, + Description: "Defines the supported request headers.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "methods": { + Optional: true, + Description: "Specifies any combination of the following methods: `DELETE`, `GET`, `PATCH`, `POST`, and `PUT` that are allowed when accessing the resource from an external domain.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "expose_headers": { + Optional: true, + Description: "In responses to preflight requests, lists names of headers that clients can access. By default, clients can access the following simple response headers: `Cache-Control`, `Content-Language`, `Content-Type`, `Expires`, `Last-Modified`, and `Pragma`. You can add other header names to make them accessible to clients.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "preflight_max_age": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Defines the number of seconds that the browser should cache the response to a preflight request.", + Type: schema.TypeString, + }, + }, + }, + }, + "cp_code": { + Optional: true, + Type: schema.TypeList, + Description: "Content Provider Codes (CP codes) allow you to distinguish various reporting and billing traffic segments, and you need them to access properties. You receive an initial CP code when purchasing Akamai, and you can run the `Create a new CP code` operation to generate more. This behavior applies any valid CP code, either as required as a default at the top of the rule tree, or subsequently to override the default. For a CP code to be valid, it needs to be assigned the same contract and product as the property, and the group needs access to it. For available values, run the `List CP codes` operation. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "value": { + Optional: true, + Description: "Specifies the CP code as an object. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + "custom_behavior": { + Optional: true, + Type: schema.TypeList, + Description: "Allows you to insert a customized XML metadata behavior into any property's rule tree. Talk to your Akamai representative to implement the customized behavior. Once it's ready, run PAPI's `List custom behaviors` operation, then apply the relevant `behaviorId` value from the response within the current `customBehavior`. See `Custom behaviors and overrides` for guidance on custom metadata behaviors. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior_id": { + Optional: true, + Description: "The unique identifier for the predefined custom behavior you want to insert into the current rule.", + Type: schema.TypeString, + }, + }, + }, + }, + "datastream": { + Optional: true, + Type: schema.TypeList, + Description: "The `DataStream` reporting service provides real-time logs on application activity, including aggregated metrics on complete request and response cycles and origin response times. Apply this behavior to report on this set of traffic. Use the `DataStream API` to aggregate the data. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "stream_type": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validation.ToDiagFunc(validation.StringInSlice([]string{"BEACON", "LOG", "BEACON_AND_LOG"}, false))), + Optional: true, + Description: "Specify the DataStream type.", + Type: schema.TypeString, + }, + "beacon_stream_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables DataStream reporting.", + Type: schema.TypeBool, + }, + "datastream_ids": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[0-9]+(-[0-9]+)*$")), + Optional: true, + Description: "A set of dash-separated DataStream ID values to limit the scope of reported data. By default, all active streams report. Use the DataStream application to gather stream ID values that apply to this property configuration. Specifying IDs for any streams that don't apply to this property has no effect, and results in no data reported.", + Type: schema.TypeString, + }, + "log_stream_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "log_enabled": { + Optional: true, + Description: "Enables log collection for the property by associating it with DataStream configurations.", + Type: schema.TypeBool, + }, + "log_stream_name": { + Optional: true, + Description: "Specifies the unique IDs of streams configured for the property. For properties created with the previous version of the rule format, this option contains a string instead of an array of strings. You can use the `List streams` operation to get stream IDs.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "sampling_percentage": { + Optional: true, + Description: "Specifies the percentage of log data you want to collect for this property.", + Type: schema.TypeInt, + }, + "collect_midgress_traffic": { + Optional: true, + Description: "If enabled, gathers midgress traffic data within the Akamai platform, such as between two edge servers, for all streams configured.", + Type: schema.TypeBool, + }, + }, + }, + }, + "dcp": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. (The `IoT Edge Connect API` allows programmatic access.) This behavior allows you to select previously reserved namespaces and set the protocols for users to publish and receive messages within these namespaces. Use the `verifyJsonWebTokenForDcp` behavior to control access. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables IoT Edge Connect.", + Type: schema.TypeBool, + }, + "namespace_id": { + Optional: true, + Description: "Specifies the globally reserved name for a specific configuration. It includes authorization rules over publishing and subscribing to logical categories known as `topics`. This provides a root path for all topics defined within a namespace configuration. You can use the `IoT Edge Connect API` to configure access control lists for your namespace configuration.", + Type: schema.TypeString, + }, + "tlsenabled": { + Optional: true, + Description: "When enabled, you can publish and receive messages over a secured MQTT connection on port 8883.", + Type: schema.TypeBool, + }, + "wsenabled": { + Optional: true, + Description: "When enabled, you can publish and receive messages through a secured MQTT connection over WebSockets on port 443.", + Type: schema.TypeBool, + }, + "gwenabled": { + Optional: true, + Description: "When enabled, you can publish and receive messages over a secured HTTP connection on port 443.", + Type: schema.TypeBool, + }, + "anonymous": { + Optional: true, + Description: "When enabled, you don't need to pass the JWT token with the mqtt request, and JWT validation is skipped.", + Type: schema.TypeBool, + }, + }, + }, + }, + "dcp_auth_hmac_transformation": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. In conjunction with `dcpAuthVariableExtractor`, this behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. It transforms a source string value extracted from the client certificate and stored as a variable, then generates a hash value based on the selected algorithm, for use in authenticating the client request. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "hash_conversion_algorithm": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SHA256", "MD5", "SHA384"}, false)), + Optional: true, + Description: "Specifies the hash algorithm.", + Type: schema.TypeString, + }, + "hash_conversion_key": { + Optional: true, + Description: "Specifies the key to generate the hash, ideally a long random string to ensure adequate security.", + Type: schema.TypeString, + }, + }, + }, + }, + "dcp_auth_regex_transformation": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. In conjunction with `dcpAuthVariableExtractor`, this behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. It transforms a source string value extracted from the client certificate and stored as a variable, then transforms the string based on a regular expression search pattern, for use in authenticating the client request. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "regex_pattern": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\(\\)]*\\([^\\(\\)]+\\)[^\\(\\)]*$"), + Optional: true, + Description: "Specifies a Perl-compatible regular expression with a single grouping to capture the text. For example, a value of `^.(.{0,10})` omits the first character, but then captures up to 10 characters after that. If the regular expression does not capture a substring, authentication may fail.", + Type: schema.TypeString, + }, + }, + }, + }, + "dcp_auth_substring_transformation": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. In conjunction with `dcpAuthVariableExtractor`, this behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. It transforms a source string value extracted from the client certificate and stored as a variable, then extracts a substring, for use in authenticating the client request. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "substring_start": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[0-9]+$")), + Optional: true, + Description: "The zero-based index offset of the first character to extract. If the index is out of bound from the string's length, authentication may fail.", + Type: schema.TypeString, + }, + "substring_end": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[0-9]+$")), + Optional: true, + Description: "The zero-based index offset of the last character to extract, where `-1` selects the remainder of the string. If the index is out of bound from the string's length, authentication may fail.", + Type: schema.TypeString, + }, + }, + }, + }, + "dcp_auth_variable_extractor": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. When enabled, this behavior allows end users to authenticate their requests with valid x509 client certificates. Either a client identifier or access authorization groups are required to make the request valid. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "certificate_field": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SUBJECT_DN", "V3_SUBJECT_ALT_NAME", "SERIAL", "FINGERPRINT_DYN", "FINGERPRINT_MD5", "FINGERPRINT_SHA1", "V3_NETSCAPE_COMMENT"}, false)), + Optional: true, + Description: "Specifies the field in the client certificate to extract the variable from.", + Type: schema.TypeString, + }, + "dcp_mutual_auth_processing_variable_id": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"VAR_DCP_CLIENT_ID", "VAR_DCP_AUTH_GROUP"}, false)), + Optional: true, + Description: "Where to store the value.", + Type: schema.TypeString, + }, + }, + }, + }, + "dcp_default_authz_groups": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior defines a set of default authorization groups to add to each request the property configuration controls. These groups have access regardless of the authentication method you use, either JWT using the `verifyJsonWebTokenForDcp` behavior, or mutual authentication using the `dcpAuthVariableExtractor` behavior to control where authorization groups are extracted from within certificates. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "group_names": { + Optional: true, + Description: "Specifies the set of authorization groups to assign to all connecting devices.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "dcp_dev_relations": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior allows Akamai-external clients to use developer test accounts in a shared environment. In conjunction with `verifyJsonWebTokenForDcp`, this behavior allows you to use your own JWTs in your requests, or those generated by Akamai. It lets you either enable the default JWT server for your test configuration by setting the authentication endpoint to a default path, or specify custom settings for your JWT server and the authentication endpoint. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the default JWT server and sets the authentication endpoint to a default path.", + Type: schema.TypeBool, + }, + "custom_values": { + Optional: true, + Description: "Allows you to specify custom JWT server connection values.", + Type: schema.TypeBool, + }, + "hostname": { + ValidateDiagFunc: validateRegexOrVariable("^(([a-zA-Z0-9]([a-zA-Z0-9_\\-]*[a-zA-Z0-9])?)\\.)+([a-zA-Z]+|xn--[a-zA-Z0-9]+)$"), + Optional: true, + Description: "Specifies the JWT server's hostname.", + Type: schema.TypeString, + }, + "path": { + Optional: true, + Description: "Specifies the path to your JWT server's authentication endpoint. This lets you generate JWTs to sign your requests.", + Type: schema.TypeString, + }, + }, + }, + }, + "dcp_real_time_auth": { + Optional: true, + Type: schema.TypeList, + Description: "INTERNAL ONLY: The `Internet of Things: Edge Connect` product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior lets you configure the real time authentication to edge servers. This behavior is for internal usage only. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "extract_namespace": { + Optional: true, + Description: "Extracts a namespace from JSON web tokens (JWT).", + Type: schema.TypeBool, + }, + "namespace_claim": { + Optional: true, + Description: "Specifies the claim in JWT to extract the namespace from.", + Type: schema.TypeString, + }, + "extract_jurisdiction": { + Optional: true, + Description: "Extracts a jurisdiction that defines a geographically distributed set of servers from JWT.", + Type: schema.TypeBool, + }, + "jurisdiction_claim": { + Optional: true, + Description: "Specifies the claim in JWT to extract the jurisdiction from.", + Type: schema.TypeString, + }, + "extract_hostname": { + Optional: true, + Description: "Extracts a hostname from JWT.", + Type: schema.TypeBool, + }, + "hostname_claim": { + Optional: true, + Description: "Specifies the claim in JWT to extract the hostname from.", + Type: schema.TypeString, + }, + }, + }, + }, + "delivery_receipt": { + Optional: true, + Type: schema.TypeList, + Description: "A static behavior that's required when specifying the Cloud Monitor module's (`edgeConnect` behavior. You can only apply this behavior if the property is marked as secure. See `Secure property requirements` for guidance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "deny_access": { + Optional: true, + Type: schema.TypeList, + Description: "Assuming a condition in the rule matches, this denies access to the requested content. For example, a `userLocation` match paired with this behavior would deny requests from a specified part of the world. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "reason": { + ValidateDiagFunc: validateRegexOrVariable("^[\\w-]+$"), + Optional: true, + Description: "Text message that keys why access is denied. Any subsequent `denyAccess` behaviors within the rule tree may refer to the same `reason` key to override the current behavior.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Denies access when enabled.", + Type: schema.TypeBool, + }, + }, + }, + }, + "deny_direct_failover_access": { + Optional: true, + Type: schema.TypeList, + Description: "A static behavior required for all properties that implement a failover under the Cloud Security Failover product. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "device_characteristic_cache_id": { + Optional: true, + Type: schema.TypeList, + Description: "By default, source URLs serve as cache IDs on edge servers. Electronic Data Capture allows you to specify an additional set of device characteristics to generate separate cache keys. Use this in conjunction with the `deviceCharacteristicHeader` behavior. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "elements": { + Optional: true, + Description: "Specifies a set of information about the device with which to generate a separate cache key.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "device_characteristic_header": { + Optional: true, + Type: schema.TypeList, + Description: "Sends selected information about requesting devices to the origin server, in the form of an `X-Akamai-Device-Characteristics` HTTP header. Use in conjunction with the `deviceCharacteristicCacheId` behavior. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "elements": { + Optional: true, + Description: "Specifies the set of information about the requesting device to send to the origin server.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "dns_async_refresh": { + Optional: true, + Type: schema.TypeList, + Description: "Allow an edge server to use an expired DNS record when forwarding a request to your origin. The `type A` DNS record refreshes `after` content is served to the end user, so there is no wait for the DNS resolution. Avoid this behavior if you want to be able to disable a server immediately after its DNS record expires. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows edge servers to refresh an expired DNS record after serving content.", + Type: schema.TypeBool, + }, + "timeout": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Set the maximum allowed time an expired DNS record may be active.", + Type: schema.TypeString, + }, + }, + }, + }, + "dns_prefresh": { + Optional: true, + Type: schema.TypeList, + Description: "Allows edge servers to refresh your origin's DNS record independently from end-user requests. The `type A` DNS record refreshes before the origin's DNS record expires. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows edge servers to refresh DNS records before they expire.", + Type: schema.TypeBool, + }, + "delay": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the amount of time following a DNS record's expiration to asynchronously prefresh it.", + Type: schema.TypeString, + }, + "timeout": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the amount of time to prefresh a DNS entry if there have been no requests to the domain name.", + Type: schema.TypeString, + }, + }, + }, + }, + "downgrade_protocol": { + Optional: true, + Type: schema.TypeList, + Description: "Serve static objects to the end-user client over HTTPS, but fetch them from the origin via HTTP. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the protocol downgrading behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "download_complete_marker": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: OTA Updates` product allows customers to securely distribute firmware to devices over cellular networks. Based on match criteria that executes a rule, this behavior logs requests to the OTA servers as completed in aggregated and individual reports. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "download_notification": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: OTA Updates` product allows customers to securely distribute firmware to devices over cellular networks. Based on match criteria that executes a rule, this behavior allows requests to the `OTA Updates API` for a list of completed downloads to individual vehicles. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "downstream_cache": { + Optional: true, + Type: schema.TypeList, + Description: "Specify the caching instructions the edge server sends to the end user's client or client proxies. By default, the cache's duration is whichever is less: the remaining lifetime of the edge cache, or what the origin's header specifies. If the origin is set to `no-store` or `bypass-cache`, edge servers send `cache-busting` headers downstream to prevent downstream caching. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "MUST_REVALIDATE", "BUST", "TUNNEL_ORIGIN", "NONE"}, false)), + Optional: true, + Description: "Specify the caching instructions the edge server sends to the end user's client.", + Type: schema.TypeString, + }, + "allow_behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESSER", "GREATER", "REMAINING_LIFETIME", "FROM_MAX_AGE", "FROM_VALUE", "PASS_ORIGIN"}, false)), + Optional: true, + Description: "Specify how the edge server calculates the downstream cache by setting the value of the `Expires` header.", + Type: schema.TypeString, + }, + "ttl": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Sets the duration of the cache. Setting the value to `0` equates to a `no-cache` header that forces revalidation.", + Type: schema.TypeString, + }, + "send_headers": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL_AND_EXPIRES", "CACHE_CONTROL", "EXPIRES", "PASS_ORIGIN"}, false)), + Optional: true, + Description: "Specifies the HTTP headers to include in the response to the client.", + Type: schema.TypeString, + }, + "send_private": { + Optional: true, + Description: "Adds a `Cache-Control: private` header to prevent objects from being cached in a shared caching proxy.", + Type: schema.TypeBool, + }, + }, + }, + }, + "dynamic_throughtput_optimization": { + Optional: true, + Type: schema.TypeList, + Description: "Enables `quick retry`, which detects slow forward throughput while fetching an object, and attempts a different forward connection path to avoid congestion. By default, connections under 5 mbps trigger this behavior. When the transfer rate drops below this rate during a connection attempt, quick retry is enabled and a different forward connection path is used. Contact Akamai Professional Services to override this threshold. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the quick retry feature.", + Type: schema.TypeBool, + }, + }, + }, + }, + "dynamic_throughtput_optimization_override": { + Optional: true, + Type: schema.TypeList, + Description: "This overrides the default threshold of 5 Mbps that triggers the `dynamicThroughtputOptimization` behavior, which enables the quick retry feature. Quick retry detects slow forward throughput while fetching an object, and attempts a different forward connection path to avoid congestion. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "throughput": { + Optional: true, + Description: "Specifies the default target forward throughput in Mbps, ranging from 2 to 50 Mbps. If this time is exceeded during a connection attempt, quick retry is enabled and a different forward connection path is used.", + Type: schema.TypeString, + }, + }, + }, + }, + "dynamic_web_content": { + Optional: true, + Type: schema.TypeList, + Description: "In conjunction with the `subCustomer` behavior, this optional behavior allows you to control how dynamic web content behaves for your subcustomers using `Akamai Cloud Embed`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "sure_route": { + Optional: true, + Description: "Optimizes how subcustomer traffic routes from origin to edge servers. See the `sureRoute` behavior for more information.", + Type: schema.TypeBool, + }, + "prefetch": { + Optional: true, + Description: "Allows subcustomer content to prefetch over HTTP/2.", + Type: schema.TypeBool, + }, + "real_user_monitoring": { + Optional: true, + Description: "Allows Real User Monitoring (RUM) to collect performance data for subcustomer content. See the `realUserMonitoring` behavior for more information.", + Type: schema.TypeBool, + }, + "image_compression": { + Optional: true, + Description: "Enables image compression for subcustomer content.", + Type: schema.TypeBool, + }, + }, + }, + }, + "early_hints": { + Optional: true, + Type: schema.TypeList, + Description: "Use Early Hints to send an HTTP 103 status code with preliminary HTTP headers at the client request stage, so that a browser can preload critical website resources or preconnect to a specific domain while waiting for the final response. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enable the behavior so that browsers can use that waiting time to preload the resource URLs you specify or preconnect to static or image domains.", + Type: schema.TypeBool, + }, + "resource_url": { + Optional: true, + Description: "Enter the URL to a resource you want clients to receive as an early hint. Edge servers include each resource URL you provide in an instance of the `Link` header that's sent back to the client in the HTTP 103 response. You only need to specify the value of the header, as edge servers automatically add the `Link` header name to the response. Use commas to separate multiple entries. This field supports variables and string concatenation. The URL must be enclosed between `<` and `>` as shown in the example below.", + Type: schema.TypeString, + }, + }, + }, + }, + "ecms_bulk_upload": { + Optional: true, + Type: schema.TypeList, + Description: "Uploads a ZIP archive with objects to an existing data set. The target data set stores objects as key-value pairs. The path to an object in the ZIP archive is a key, and the content of an object is a value. For an overview, see `ecmsDatabase`. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables sending a compressed archive file with objects. Sends the archive file to the default path of the target data set: `/bulk//`.", + Type: schema.TypeBool, + }, + }, + }, + }, + "ecms_database": { + Optional: true, + Type: schema.TypeList, + Description: "Edge Connect Message Store is available for `Internet of Things: Edge Connect` users. It lets you create databases and data sets within these databases. You can use this object store to save files smaller than 2 GB. `ecmsDatabase` specifies a default database for requests to this property, unless indicated otherwise in the URL. To access objects in the default database, you can skip its name in the URLs. To access objects in a different database, pass its name in the header, query parameter, or a regular expression matching a URL segment. You can also configure the `ecmsDataset` behavior to specify a default data set for requests. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "database": { + Optional: true, + Description: "Specifies a default database for this property. If you don't configure a default data set in the `ecmsDataset` behavior, requests to objects in this database follow the pattern: `/datastore//`.", + Type: schema.TypeString, + }, + "extract_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_REQUEST_HEADER", "QUERY_STRING", "REGEX"}, false)), + Optional: true, + Description: "Specifies where to pass a database name in requests. If the specified location doesn't include the database name or the name doesn't match the regular expression, the default database is used.", + Type: schema.TypeString, + }, + "header_name": { + Optional: true, + Description: "Specifies the request header that passed the database name. By default, it points to `X-KV-Database`.", + Type: schema.TypeString, + }, + "query_parameter_name": { + Optional: true, + Description: "Specifies the query string parameter that passed the database name. By default, it points to `database`.", + Type: schema.TypeString, + }, + "regex_pattern": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\(\\)]*\\([^\\(\\)]+\\)[^\\(\\)]*$"), + Optional: true, + Description: "Specifies the regular expression that matches the database name in the URL.", + Type: schema.TypeString, + }, + }, + }, + }, + "ecms_dataset": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies a default data set for requests to this property unless indicated otherwise in the URL. To access objects in this data set, you can skip the data set name in the URLs. To access objects in a different data set within a database, pass the data set name in the header, query parameter, or a regular expression pattern matching a URL segment. You can also configure the `ecmsDatabase` behavior to specify a default database for requests. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "dataset": { + Optional: true, + Description: "Specifies a default data set for this property. If you don't configure a default database in the `ecmsDatabase` behavior, requests to objects in this data set follow the pattern: `/datastore//`.", + Type: schema.TypeString, + }, + "extract_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_REQUEST_HEADER", "QUERY_STRING", "REGEX"}, false)), + Optional: true, + Description: "Specifies where to pass a data set name in requests. If the specified location doesn't include the data set name or the name doesn't match the regular expression pattern, the default data set is used.", + Type: schema.TypeString, + }, + "header_name": { + Optional: true, + Description: "Specifies the request header that passed the data set name. By default, it points to `X-KV-Dataset`.", + Type: schema.TypeString, + }, + "query_parameter_name": { + Optional: true, + Description: "Specifies the query string parameter that passed the data set name. By default, it points to `dataset`.", + Type: schema.TypeString, + }, + "regex_pattern": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\(\\)]*\\([^\\(\\)]+\\)[^\\(\\)]*$"), + Optional: true, + Description: "Specifies the regular expression that matches the data set name in the URL.", + Type: schema.TypeString, + }, + }, + }, + }, + "ecms_object_key": { + Optional: true, + Type: schema.TypeList, + Description: "Defines a regular expression to match object keys in custom URLs and to access objects in a data set. You can point custom URLs to access proper values in the target data set. For an overview, see `ecmsDatabase`. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "regex": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\(\\)]*\\([^\\(\\)]+\\)[^\\(\\)]*$"), + Optional: true, + Description: "Enables sending a compressed archive file with objects to the default path of the target data set: `/bulk//`.", + Type: schema.TypeString, + }, + }, + }, + }, + "edge_connect": { + Optional: true, + Type: schema.TypeList, + Description: "Configures traffic logs for the Cloud Monitor push API. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables Cloud Monitor's log-publishing behavior.", + Type: schema.TypeBool, + }, + "api_connector": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DEFAULT", "SIEM_JSON", "BMC_APM"}, false)), + Optional: true, + Description: "Describes the API connector type.", + Type: schema.TypeString, + }, + "api_data_elements": { + Optional: true, + Description: "Specifies the data set to log.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "destination_hostname": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specifies the target hostname accepting push API requests.", + Type: schema.TypeString, + }, + "destination_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies the push API's endpoint.", + Type: schema.TypeString, + }, + "override_aggregate_settings": { + Optional: true, + Description: "When enabled, overrides default log settings.", + Type: schema.TypeBool, + }, + "aggregate_time": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies how often logs are generated.", + Type: schema.TypeString, + }, + "aggregate_lines": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]\\d*$"), + Optional: true, + Description: "Specifies the maximum number of lines to include in each log.", + Type: schema.TypeString, + }, + "aggregate_size": { + ValidateDiagFunc: validateRegexOrVariable("^\\d+[K,M,G,T]B$"), + Optional: true, + Description: "Specifies the log's maximum size.", + Type: schema.TypeString, + }, + }, + }, + }, + "edge_load_balancing_advanced": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior implements customized Edge Load Balancing features. Contact Akamai Professional Services for help configuring it. This behavior is for internal usage only. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "description": { + Optional: true, + Description: "A description of what the `xml` block does.", + Type: schema.TypeString, + }, + "xml": { + Optional: true, + Description: "A block of Akamai XML metadata.", + Type: schema.TypeString, + }, + }, + }, + }, + "edge_load_balancing_data_center": { + Optional: true, + Type: schema.TypeList, + Description: "The Edge Load Balancing module allows you to specify groups of data centers that implement load balancing, session persistence, and real-time dynamic failover. Enabling ELB routes requests contextually based on location, device, or network, along with optional rules you specify. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "origin_id": { + Optional: true, + Description: "Corresponds to the `id` specified by the `edgeLoadBalancingOrigin` behavior associated with this data center.", + Type: schema.TypeString, + }, + "description": { + Optional: true, + Description: "Provides a description for the ELB data center, for your own reference.", + Type: schema.TypeString, + }, + "hostname": { + ValidateDiagFunc: validateAny(validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), validateRegexOrVariable("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$")), + Optional: true, + Description: "Specifies the data center's hostname.", + Type: schema.TypeString, + }, + "cookie_name": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[^\\s;]+$")), + Optional: true, + Description: "If using session persistence, this specifies the value of the cookie named in the corresponding `edgeLoadBalancingOrigin` behavior's `cookie_name` option.", + Type: schema.TypeString, + }, + "failover_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_failover": { + Optional: true, + Description: "Allows you to specify failover rules.", + Type: schema.TypeBool, + }, + "ip": { + ValidateDiagFunc: validateRegexOrVariable("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"), + Optional: true, + Description: "Specifies this data center's IP address.", + Type: schema.TypeString, + }, + "failover_rules": { + Optional: true, + Description: "Provides up to four failover rules to apply in the specified order.", + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "failover_hostname": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "The hostname of the data center to fail over to.", + Type: schema.TypeString, + }, + "modify_request": { + Optional: true, + Description: "Allows you to modify the request's hostname or path.", + Type: schema.TypeBool, + }, + "override_hostname": { + Optional: true, + Description: "Overrides the request's hostname with the `failover_hostname`.", + Type: schema.TypeBool, + }, + "context_root": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies the path to use in the forwarding request, typically the root (`/`) when failing over to a different data center, or a full path such as `/static/error.html` when failing over to an error page.", + Type: schema.TypeString, + }, + "absolute_path": { + Optional: true, + Description: "When enabled, interprets the path specified by `context_root` as an absolute server path, for example to reference a site-down page. Otherwise when disabled, the path is appended to the request.", + Type: schema.TypeBool, + }, + }, + }, + }, + }, + }, + }, + "edge_load_balancing_origin": { + Optional: true, + Type: schema.TypeList, + Description: "The Edge Load Balancing module allows you to implement groups of data centers featuring load balancing, session persistence, and real-time dynamic failover. Enabling ELB routes requests contextually based on location, device, or network, along with optional rules you specify. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "id": { + Optional: true, + Description: "Specifies a unique descriptive string for this ELB origin. The value needs to match the `origin_id` specified by the `edgeLoadBalancingDataCenter` behavior associated with this origin.", + Type: schema.TypeString, + }, + "description": { + Optional: true, + Description: "Provides a description for the ELB origin, for your own reference.", + Type: schema.TypeString, + }, + "hostname": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specifies the hostname associated with the ELB rule.", + Type: schema.TypeString, + }, + "session_persistence_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_session_persistence": { + Optional: true, + Description: "Allows you to specify a cookie to pin the user's browser session to one data center. When disabled, ELB's default load balancing may send users to various data centers within the same session.", + Type: schema.TypeBool, + }, + "cookie_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "This specifies the name of the cookie that marks users' persistent sessions. The accompanying `edgeLoadBalancingDataCenter` behavior's `description` option specifies the cookie's value.", + Type: schema.TypeString, + }, + }, + }, + }, + "edge_origin_authorization": { + Optional: true, + Type: schema.TypeList, + Description: "Allows the origin server to use a cookie to ensure requests from Akamai servers are genuine. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the cookie-authorization behavior.", + Type: schema.TypeBool, + }, + "cookie_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the name of the cookie to use for authorization.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\s;]+$"), + Optional: true, + Description: "Specifies the value of the authorization cookie.", + Type: schema.TypeString, + }, + "domain": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specify the cookie's domain, which needs to match the top-level domain of the `Host` header the origin server receives.", + Type: schema.TypeString, + }, + }, + }, + }, + "edge_redirector": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior enables the `Edge Redirector Cloudlet` application, which helps you manage large numbers of redirects. With Cloudlets available on your contract, choose `Your services` > `Edge logic Cloudlets` to control the Edge Redirector within `Control Center`. Otherwise use the `Cloudlets API` to configure it programmatically. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Edge Redirector Cloudlet.", + Type: schema.TypeBool, + }, + "is_shared_policy": { + Optional: true, + Description: "Whether you want to apply the Cloudlet shared policy to an unlimited number of properties within your account. Learn more about shared policies and how to create them in `Cloudlets Policy Manager`.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Specifies the Cloudlet policy as an object.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "Identifies the Cloudlet shared policy to use with this behavior. Use the `Cloudlets API` to list available shared policies.", + Type: schema.TypeInt, + }, + }, + }, + }, + "edge_scape": { + Optional: true, + Type: schema.TypeList, + Description: "`EdgeScape` allows you to customize content based on the end user's geographic location or connection speed. When enabled, the edge server sends a special `X-Akamai-Edgescape` header to the origin server encoding relevant details about the end-user client as key-value pairs. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, sends the `X-Akamai-Edgescape` request header to the origin.", + Type: schema.TypeBool, + }, + }, + }, + }, + "edge_side_includes": { + Optional: true, + Type: schema.TypeList, + Description: "Allows edge servers to process edge side include (ESI) code to generate dynamic content. To apply this behavior, you need to match on a `contentType`, `path`, or `filename`. Since this behavior requires more parsing time, you should not apply it to pages that lack ESI code, or to any non-HTML content. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables ESI processing.", + Type: schema.TypeBool, + }, + "enable_via_http": { + Optional: true, + Description: "Enable ESI only for content featuring the `Edge-control: dca=esi` HTTP response header.", + Type: schema.TypeBool, + }, + "pass_set_cookie": { + Optional: true, + Description: "Allows edge servers to pass your origin server's cookies to the ESI processor.", + Type: schema.TypeBool, + }, + "pass_client_ip": { + Optional: true, + Description: "Allows edge servers to pass the client IP header to the ESI processor.", + Type: schema.TypeBool, + }, + "i18n_status": { + Optional: true, + Description: "Provides internationalization support for ESI.", + Type: schema.TypeBool, + }, + "i18n_charset": { + Optional: true, + Description: "Specifies the character sets to use when transcoding the ESI language, `UTF-8` and `ISO-8859-1` for example.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "detect_injection": { + Optional: true, + Description: "Denies attempts to inject ESI code.", + Type: schema.TypeBool, + }, + }, + }, + }, + "edge_worker": { + Optional: true, + Type: schema.TypeList, + Description: "`EdgeWorkers` are JavaScript applications that allow you to manipulate your web traffic on edge servers outside of Property Manager behaviors, and deployed independently from your configuration's logic. This behavior applies an EdgeWorker to a set of edge requests. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, applies specified EdgeWorker functionality to this rule's web traffic.", + Type: schema.TypeBool, + }, + "create_edge_worker": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "edge_worker_id": { + Optional: true, + Description: "Identifies the EdgeWorker application to apply to this rule's web traffic. You can use the `EdgeWorkers API` to get this value.", + Type: schema.TypeString, + }, + "resource_tier": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "m_pulse": { + Optional: true, + Description: "Enables mPulse reports that include data about EdgeWorkers errors generated due to JavaScript errors. For more details, see `Integrate mPulse reports with EdgeWorkers`.", + Type: schema.TypeBool, + }, + "m_pulse_information": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "enforce_mtls_settings": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior repeats mTLS validation checks between a requesting client and the edge network. If the checks fail, you can deny the request or apply custom error handling. To use this behavior, you need to add either the `hostname` or `clientCertificate` criteria to the same rule. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable_auth_set": { + Optional: true, + Description: "Whether to require a specific mutual transport layer security (mTLS) certificate authority (CA) set in a request from a client to the edge network.", + Type: schema.TypeBool, + }, + "certificate_authority_set": { + Optional: true, + Description: "Specify the client certificate authority (CA) sets you want to support in client requests. Run the `List CA Sets` operation in the mTLS Edge TrustStore API to get the `setId` value and pass it in this option as a string. If a request includes a set not defined here, it will be denied. The preset list items you can select are contingent on the CA sets you've created using the mTLS Edge Truststore, and then associated with a certificate in the `Certificate Provisioning System`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "enable_ocsp_status": { + Optional: true, + Description: "Whether the mutual transport layer security requests from a client should use the online certificate support protocol (OCSP). OCSP can determine the x.509 certificate revocation status during the TLS handshake.", + Type: schema.TypeBool, + }, + "enable_deny_request": { + Optional: true, + Description: "This denies a request from a client that doesn't match what you've set for the options in this behavior. When disabled, non-matching requests are allowed, but you can incorporate a custom handling operation, such as reviewing generated log entries to see the discrepancies, enable the `Client-To-Edge` authentication header, or issue a custom message.", + Type: schema.TypeBool, + }, + }, + }, + }, + "enhanced_akamai_protocol": { + Optional: true, + Type: schema.TypeList, + Description: "Enables the Enhanced Akamai Protocol, a suite of advanced routing and transport optimizations that increase your website's performance and reliability. It is only available to specific applications, and requires a special routing from edge to origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "display": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "enhanced_proxy_detection": { + Optional: true, + Type: schema.TypeList, + Description: "Enhanced Proxy Detection (EPD) leverages the GeoGuard service provided by GeoComply to add proxy detection and location spoofing protection. It identifies requests for your content that have been redirected from an unwanted source through a proxy. You can then allow, deny, or redirect these requests. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Applies GeoGuard proxy detection.", + Type: schema.TypeBool, + }, + "forward_header_enrichment": { + Optional: true, + Description: "Whether the Enhanced Proxy Detection (Akamai-EPD) header is included in the forward request to mark a connecting IP address as an anonymous proxy, with a two-letter designation. See the `epdForwardHeaderEnrichment` behavior for details.", + Type: schema.TypeBool, + }, + "enable_configuration_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"BEST_PRACTICE", "ADVANCED"}, false)), + Optional: true, + Description: "Specifies how to field the proxy request.", + Type: schema.TypeString, + }, + "best_practice_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "Specifies how to field the proxy request.", + Type: schema.TypeString, + }, + "best_practice_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the URL to which to redirect requests.", + Type: schema.TypeString, + }, + "anonymous_vpn": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_anonymous_vpn": { + Optional: true, + Description: "This enables detection of requests from anonymous VPNs.", + Type: schema.TypeBool, + }, + "detect_anonymous_vpn_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "Specifies how to field anonymous VPN requests.", + Type: schema.TypeString, + }, + "detect_anonymous_vpn_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the URL to which to redirect anonymous VPN requests.", + Type: schema.TypeString, + }, + "public_proxy": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_public_proxy": { + Optional: true, + Description: "This enables detection of requests from public proxies.", + Type: schema.TypeBool, + }, + "detect_public_proxy_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "Specifies how to field public proxy requests.", + Type: schema.TypeString, + }, + "detect_public_proxy_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the URL to which to redirect public proxy requests.", + Type: schema.TypeString, + }, + "tor_exit_node": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_tor_exit_node": { + Optional: true, + Description: "This enables detection of requests from Tor exit nodes.", + Type: schema.TypeBool, + }, + "detect_tor_exit_node_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "This specifies whether to `DENY`, `ALLOW`, or `REDIRECT` requests from Tor exit nodes.", + Type: schema.TypeString, + }, + "detect_tor_exit_node_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the URL to which to redirect requests from Tor exit nodes.", + Type: schema.TypeString, + }, + "smart_dns_proxy": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_smart_dns_proxy": { + Optional: true, + Description: "This enables detection of requests from smart DNS proxies.", + Type: schema.TypeBool, + }, + "detect_smart_dns_proxy_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "Specifies whether to `DENY`, `ALLOW`, or `REDIRECT` smart DNS proxy requests.", + Type: schema.TypeString, + }, + "detect_smart_dns_proxy_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the URL to which to redirect DNS proxy requests.", + Type: schema.TypeString, + }, + "hosting_provider": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_hosting_provider": { + Optional: true, + Description: "This detects requests from a hosting provider.", + Type: schema.TypeBool, + }, + "detect_hosting_provider_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "This specifies whether to `DENY`, `ALLOW`, or `REDIRECT` requests from hosting providers.", + Type: schema.TypeString, + }, + "detect_hosting_provider_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the absolute URL to which to redirect requests from hosting providers.", + Type: schema.TypeString, + }, + "vpn_data_center": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_vpn_data_center": { + Optional: true, + Description: "This enables detection of requests from VPN data centers.", + Type: schema.TypeBool, + }, + "detect_vpn_data_center_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "This specifies whether to `DENY`, `ALLOW`, or `REDIRECT` requests from VPN data centers.", + Type: schema.TypeString, + }, + "detect_vpn_data_center_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the URL to which to redirect requests from VPN data centers.", + Type: schema.TypeString, + }, + "residential_proxy": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_residential_proxy": { + Optional: true, + Description: "This enables detection of requests from a residential proxy. See `Enhanced Proxy Detection with GeoGuard` and learn more about this GeoGuard category before enabling it.", + Type: schema.TypeBool, + }, + "detect_residential_proxy_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALLOW", "DENY", "REDIRECT"}, false)), + Optional: true, + Description: "This specifies whether to `DENY`, `ALLOW`, or `REDIRECT` requests from residential proxies.", + Type: schema.TypeString, + }, + "detect_residential_proxy_redirecturl": { + ValidateDiagFunc: validateRegexOrVariable("(http|https)://(\\w+:{0,1}\\w*@)?(\\S+)(:[0-9]+)?(/|/([\\w#!:.?+=&%@!\\-/]))?"), + Optional: true, + Description: "This specifies the URL to which to redirect requests.", + Type: schema.TypeString, + }, + }, + }, + }, + "epd_forward_header_enrichment": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior identifies unwanted requests from an anonymous proxy. This and the `enhancedProxyDetection` behavior work together and need to be included either in the same rule, or in the default one. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Sends the Enhanced Proxy Detection (`Akamai-EPD`) header in the forward request to determine whether the connecting IP address is an anonymous proxy. The header can contain one or more two-letter codes that indicate the IP address type detected by edge servers:", + Type: schema.TypeBool, + }, + }, + }, + }, + "fail_action": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies how to respond when the origin is not available: by serving stale content, by serving an error page, or by redirecting. To apply this behavior, you should match on an `originTimeout` or `matchResponseCode`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled in case of a failure to contact the origin, the current behavior applies.", + Type: schema.TypeBool, + }, + "action_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SERVE_STALE", "REDIRECT", "RECREATED_CO", "RECREATED_CEX", "RECREATED_NS", "DYNAMIC"}, false)), + Optional: true, + Description: "Specifies the basic action to take when there is a failure to contact the origin.", + Type: schema.TypeString, + }, + "saas_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HOSTNAME", "PATH", "QUERY_STRING", "COOKIE"}, false)), + Optional: true, + Description: "Identifies the component of the request that identifies the SaaS dynamic fail action.", + Type: schema.TypeString, + }, + "saas_cname_enabled": { + Optional: true, + Description: "Specifies whether to use a CNAME chain to determine the hostname for the SaaS dynamic failaction.", + Type: schema.TypeBool, + }, + "saas_cname_level": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies the number of elements in the CNAME chain backwards from the edge hostname that determines the hostname for the SaaS dynamic failaction.", + Type: schema.TypeInt, + }, + "saas_cookie": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the name of the cookie that identifies this SaaS dynamic failaction.", + Type: schema.TypeString, + }, + "saas_query_string": { + ValidateDiagFunc: validateRegexOrVariable("^[^:/?#\\[\\]@&]+$"), + Optional: true, + Description: "Specifies the name of the query parameter that identifies this SaaS dynamic failaction.", + Type: schema.TypeString, + }, + "saas_regex": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9\\:\\[\\]\\{\\}\\(\\)\\.\\?_\\-\\*\\+\\^\\$\\\\\\/\\|&=!]{1,250})$"), + Optional: true, + Description: "Specifies the substitution pattern (a Perl-compatible regular expression) that defines the SaaS dynamic failaction.", + Type: schema.TypeString, + }, + "saas_replace": { + ValidateDiagFunc: validateRegexOrVariable("^(([a-zA-Z0-9]|\\$[1-9])(([a-zA-Z0-9\\._\\-]|\\$[1-9]){0,250}([a-zA-Z0-9]|\\$[1-9]))?){1,10}$"), + Optional: true, + Description: "Specifies the replacement pattern that defines the SaaS dynamic failaction.", + Type: schema.TypeString, + }, + "saas_suffix": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})\\.(com|net|org|info|biz|us|co\\.uk|ac\\.uk|org\\.uk|me\\.uk|ca|eu|com\\.au|co|co\\.za|ru|es|me|tv|pro|in|ie|de|it|nl|fr|co\\.il|ch|se|co\\.nz|pl|jp|name|mobi|cc|ws|be|com\\.mx|at|nu|asia|co\\.nz|net\\.nz|org\\.nz|com\\.au|net\\.au|org\\.au|tools)$"), + Optional: true, + Description: "Specifies the static portion of the SaaS dynamic failaction.", + Type: schema.TypeString, + }, + "dynamic_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SERVE_301", "SERVE_302", "SERVE_ALTERNATE"}, false)), + Optional: true, + Description: "Specifies the redirect method.", + Type: schema.TypeString, + }, + "dynamic_custom_path": { + Optional: true, + Description: "Allows you to modify the original requested path.", + Type: schema.TypeBool, + }, + "dynamic_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies the new path.", + Type: schema.TypeString, + }, + "redirect_hostname_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ORIGINAL", "ALTERNATE"}, false)), + Optional: true, + Description: "Whether to preserve or customize the hostname.", + Type: schema.TypeString, + }, + "redirect_hostname": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "When the `actionType` is `REDIRECT` and the `redirectHostnameType` is `ALTERNATE`, this specifies the hostname for the redirect.", + Type: schema.TypeString, + }, + "redirect_custom_path": { + Optional: true, + Description: "Uses the `redirectPath` to customize a new path.", + Type: schema.TypeBool, + }, + "redirect_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies a new path.", + Type: schema.TypeString, + }, + "redirect_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{302, 301})), + Optional: true, + Description: "Specifies the HTTP response code.", + Type: schema.TypeInt, + }, + "content_hostname": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specifies the static hostname for the alternate redirect.", + Type: schema.TypeString, + }, + "content_custom_path": { + Optional: true, + Description: "Specifies a custom redirect path.", + Type: schema.TypeBool, + }, + "content_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies a custom redirect path.", + Type: schema.TypeString, + }, + "net_storage_hostname": { + Optional: true, + Description: "When the `actionType` is `RECREATED_NS`, specifies the `NetStorage` origin to serve the alternate content. Contact Akamai Professional Services for your NetStorage origin's `id`.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cp_code": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "download_domain_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "g2o_token": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "net_storage_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "When the `actionType` is `RECREATED_NS`, specifies the path for the `NetStorage` request.", + Type: schema.TypeString, + }, + "cex_hostname": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specifies a hostname.", + Type: schema.TypeString, + }, + "cex_custom_path": { + Optional: true, + Description: "Specifies a custom path.", + Type: schema.TypeBool, + }, + "cex_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies a custom path.", + Type: schema.TypeString, + }, + "cp_code": { + Optional: true, + Description: "Specifies a CP code for which to log errors for the NetStorage location. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "status_code": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{200, 404, 500, 100, 101, 102, 103, 122, 201, 202, 203, 204, 205, 206, 207, 226, 400, 401, 402, 403, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 422, 423, 424, 425, 426, 428, 429, 431, 444, 449, 450, 499, 501, 502, 503, 504, 505, 506, 507, 509, 510, 511, 598, 599})), + Optional: true, + Description: "Assigns a new HTTP status code to the failure response.", + Type: schema.TypeInt, + }, + "preserve_query_string": { + Optional: true, + Description: "When using either `contentCustomPath`, `cexCustomPath`, `dynamicCustomPath`, or `redirectCustomPath` to specify a custom path, enabling this passes in the original request's query string as part of the path.", + Type: schema.TypeBool, + }, + "modify_protocol": { + Optional: true, + Description: "Modifies the redirect's protocol using the value of the `protocol` field.", + Type: schema.TypeBool, + }, + "protocol": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HTTP", "HTTPS"}, false)), + Optional: true, + Description: "When the `actionType` is `REDIRECT` and `modifyProtocol` is enabled, this specifies the redirect's protocol.", + Type: schema.TypeString, + }, + "allow_fcm_parent_override": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + }, + }, + }, + "failover_bot_manager_feature_compatibility": { + Optional: true, + Type: schema.TypeList, + Description: "Ensures that functionality such as challenge authentication and reset protocol work with a failover product property you use to create an alternate hostname. Apply it to any properties that implement a failover under the Cloud Security Failover product. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "compatibility": { + Optional: true, + Description: "This behavior does not include any options. Specifying the behavior itself enables it.", + Type: schema.TypeBool, + }, + }, + }, + }, + "fast_invalidate": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, forces a validation test for all edge content to which the behavior applies.", + Type: schema.TypeBool, + }, + }, + }, + }, + "fips": { + Optional: true, + Type: schema.TypeList, + Description: "Ensures `Federal Information Process Standards (FIPS) 140-2` compliance for a connection to an origin server. For this behavior to work properly, verify that your origin's secure certificate supports Enhanced TLS and is FIPS-compliant. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable": { + Optional: true, + Description: "When enabled, supports the use of FIPS-validated ciphers in the connection between this delivery configuration and your origin server.", + Type: schema.TypeBool, + }, + }, + }, + }, + "first_party_marketing": { + Optional: true, + Type: schema.TypeList, + Description: "Enables the Cloud Marketing Cloudlet, which helps MediaMath customers collect usage data and place corresponding tags for use in online advertising. You can configure tags using either the Cloudlets Policy Manager application or the `Cloudlets API`. See also the `firstPartyMarketingPlus` behavior, which integrates better with both MediaMath and its partners. Both behaviors support the same set of options. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Cloud Marketing Cloudlet.", + Type: schema.TypeBool, + }, + "java_script_insertion_rule": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NEVER", "POLICY", "ALWAYS"}, false)), + Optional: true, + Description: "Select how to insert the MediaMath JavaScript reference script.", + Type: schema.TypeString, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "media_math_prefix": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specify the URL path prefix that distinguishes Cloud Marketing requests from your other web traffic. Include the leading slash character, but no trailing slash. For example, if the path prefix is `/mmath`, and the request is for `www.example.com/dir`, the new URL is `www.example.com/mmath/dir`.", + Type: schema.TypeString, + }, + }, + }, + }, + "first_party_marketing_plus": { + Optional: true, + Type: schema.TypeList, + Description: "Enables the Cloud Marketing Plus Cloudlet, which helps MediaMath customers collect usage data and place corresponding tags for use in online advertising. You can configure tags using either the Cloudlets Policy Manager application or the `Cloudlets API`. See also the `firstPartyMarketing` behavior, which integrates with MediaMath but not its partners. Both behaviors support the same set of options. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Cloud Marketing Plus Cloudlet.", + Type: schema.TypeBool, + }, + "java_script_insertion_rule": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NEVER", "POLICY", "ALWAYS"}, false)), + Optional: true, + Description: "Select how to insert the MediaMath JavaScript reference script.", + Type: schema.TypeString, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "media_math_prefix": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specify the URL path prefix that distinguishes Cloud Marketing requests from your other web traffic. Include the leading slash character, but no trailing slash. For example, if the path prefix is `/mmath`, and the request is for `www.example.com/dir`, the new URL is `www.example.com/mmath/dir`.", + Type: schema.TypeString, + }, + }, + }, + }, + "forward_rewrite": { + Optional: true, + Type: schema.TypeList, + Description: "The Forward Rewrite Cloudlet allows you to conditionally modify the forward path in edge content without affecting the URL that displays in the user's address bar. If Cloudlets are available on your contract, choose `Your services` > `Edge logic Cloudlets` to control how this feature works within `Control Center`, or use the `Cloudlets API` to configure it programmatically. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Forward Rewrite Cloudlet behavior.", + Type: schema.TypeBool, + }, + "is_shared_policy": { + Optional: true, + Description: "Whether you want to use a shared policy for a Cloudlet. Learn more about shared policies and how to create them in `Cloudlets Policy Manager`.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "This identifies the Cloudlet shared policy to use with this behavior. You can list available shared policies with the `Cloudlets API`.", + Type: schema.TypeInt, + }, + }, + }, + }, + "g2oheader": { + Optional: true, + Type: schema.TypeList, + Description: "The `signature header authentication` (g2o) security feature provides header-based verification of outgoing origin requests. Edge servers encrypt request data in a pre-defined header, which the origin uses to verify that the edge server processed the request. This behavior configures the request data, header names, encryption algorithm, and shared secret to use for verification. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the g2o verification behavior.", + Type: schema.TypeBool, + }, + "data_header": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies the name of the header that contains the request data that needs to be encrypted.", + Type: schema.TypeString, + }, + "signed_header": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies the name of the header containing encrypted request data.", + Type: schema.TypeString, + }, + "encoding_version": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{1, 2, 3, 4, 5})), + Optional: true, + Description: "Specifies the version of the encryption algorithm as an integer from `1` through `5`.", + Type: schema.TypeInt, + }, + "use_custom_sign_string": { + Optional: true, + Description: "When disabled, the encrypted string is based on the forwarded URL. If enabled, you can use `customSignString` to customize the set of data to encrypt.", + Type: schema.TypeBool, + }, + "custom_sign_string": { + Optional: true, + Description: "Specifies the set of data to be encrypted as a combination of concatenated strings.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "secret_key": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[0-9a-zA-Z]{24}$")), + Optional: true, + Description: "Specifies the shared secret key.", + Type: schema.TypeString, + }, + "nonce": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9a-zA-Z]{1,8}$"), + Optional: true, + Description: "Specifies the cryptographic `nonce` string.", + Type: schema.TypeString, + }, + }, + }, + }, + "global_request_number": { + Optional: true, + Type: schema.TypeList, + Description: "Generates a unique identifier for each request on the Akamai edge network, for use in logging and debugging. GRN identifiers follow the same format as Akamai's error reference strings, for example: `0.05313217.1567801841.1457a3`. You can use the Edge Diagnostics API's `Translate error string` operation to get low-level details about any request. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "output_option": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RESPONSE_HEADER", "REQUEST_HEADER", "BOTH_HEADERS", "ASSIGN_VARIABLE"}, false)), + Optional: true, + Description: "Specifies how to report the GRN value.", + Type: schema.TypeString, + }, + "header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "With `outputOption` set to specify any set of headers, this specifies the name of the header to report the GRN value.", + Type: schema.TypeString, + }, + "variable_name": { + Optional: true, + Description: "This specifies the name of the variable to assign the GRN value to. You need to pre-declare any `variable` you specify within the rule tree.", + Type: schema.TypeString, + }, + }, + }, + }, + "graphql_caching": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior configures how to cache GraphQL-based API traffic. Enable `caching` for your GraphQL API traffic, along with `allowPost` to cache POST responses. To configure REST API traffic, use the `rapid` behavior. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables GraphQL caching.", + Type: schema.TypeBool, + }, + "cache_responses_with_errors": { + Optional: true, + Description: "When enabled, caches responses that include an `error` field at the top of the response body object. Disable this if your GraphQL server yields temporary errors with success codes in the 2xx range.", + Type: schema.TypeBool, + }, + "advanced": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "post_request_processing_error_handling": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"APPLY_CACHING_BEHAVIOR", "NO_STORE"}, false)), + Optional: true, + Description: "Specify what happens if GraphQL query processing fails on POST requests.", + Type: schema.TypeString, + }, + "operations_url_query_parameter_name": { + Optional: true, + Description: "Specifies the name of a query parameter that identifies requests as GraphQL queries.", + Type: schema.TypeString, + }, + "operations_json_body_parameter_name": { + Optional: true, + Description: "The name of the JSON body parameter that identifies GraphQL POST requests.", + Type: schema.TypeString, + }, + }, + }, + }, + "gzip_response": { + Optional: true, + Type: schema.TypeList, + Description: "Apply `gzip` compression to speed transfer time. This behavior applies best to text-based content such as HTML, CSS, and JavaScript, especially once files exceed about 10KB. Do not apply it to already compressed image formats, or to small files that would add more time to uncompress. To apply this behavior, you should match on `contentType` or the content's `cacheability`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ORIGIN_RESPONSE", "ALWAYS", "NEVER"}, false)), + Optional: true, + Description: "Specify when to compress responses.", + Type: schema.TypeString, + }, + }, + }, + }, + "hd_data_advanced": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior specifies Akamai XML metadata that can only be configured on your behalf by Akamai Professional Services. Unlike the `advanced` behavior, this may apply a different set of overriding metadata that executes in a post-processing phase. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "description": { + Optional: true, + Description: "Human-readable description of what the XML block does.", + Type: schema.TypeString, + }, + "xml": { + Optional: true, + Description: "A block of Akamai XML metadata.", + Type: schema.TypeString, + }, + }, + }, + }, + "health_detection": { + Optional: true, + Type: schema.TypeList, + Description: "Monitors the health of your origin server by tracking unsuccessful attempts to contact it. Use this behavior to keep end users from having to wait several seconds before a forwarded request times out, or to reduce requests on the origin server when it is unavailable. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "retry_count": { + Optional: true, + Description: "The number of consecutive connection failures that mark an IP address as faulty.", + Type: schema.TypeInt, + }, + "retry_interval": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the amount of time the edge server will wait before trying to reconnect to an IP address it has already identified as faulty.", + Type: schema.TypeString, + }, + "maximum_reconnects": { + Optional: true, + Description: "Specifies the maximum number of times the edge server will contact your origin server. If your origin is associated with several IP addresses, `maximumReconnects` effectively overrides the value of `retryCount`.", + Type: schema.TypeInt, + }, + }, + }, + }, + "hsaf_eip_binding": { + Optional: true, + Type: schema.TypeList, + Description: "Edge IP Binding works with a limited set of static IP addresses to distribute your content, which can be limiting in large footprint environments. This behavior sets Hash Serial and Forward (HSAF) for Edge IP Binding to deal with larger footprints. It can only be configured on your behalf by Akamai Professional Services. This behavior is for internal usage only. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables HSAF for Edge IP Binding customers with a large footprint.", + Type: schema.TypeBool, + }, + "custom_extracted_serial": { + Optional: true, + Description: "Whether to pull the serial number from the variable value set in the `advanced` behavior. Work with your Akamai Services team to add the `advanced` behavior earlier in your property to extract and apply the `AKA_PM_EIP_HSAF_SERIAL` variable.", + Type: schema.TypeBool, + }, + "hash_min_value": { + Optional: true, + Description: "Specifies the minimum value for the HSAF hash range, from 2 through 2045. This needs to be lower than `hashMaxValue`.", + Type: schema.TypeInt, + }, + "hash_max_value": { + Optional: true, + Description: "Specifies the maximum value for the hash range, from 3 through 2046. This needs to be higher than `hashMinValue`.", + Type: schema.TypeInt, + }, + "tier": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"EDGE", "PARENT", "BOTH"}, false)), + Optional: true, + Description: "Specifies where the behavior is applied.", + Type: schema.TypeString, + }, + }, + }, + }, + "http2": { + Optional: true, + Type: schema.TypeList, + Description: "Enables the HTTP/2 protocol, which reduces latency and improves efficiency. You can only apply this behavior if the property is marked as secure. See `Secure property requirements` for guidance. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "http3": { + Optional: true, + Type: schema.TypeList, + Description: "This enables the HTTP/3 protocol that uses QUIC. The behavior allows for improved performance and faster connection setup. You can only apply this behavior if the property is marked as secure. See `Secure property requirements` and the `Property Manager documentation` for guidance. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable": { + Optional: true, + Description: "This enables HTTP/3 connections between requesting clients and Akamai edge servers. You also need to enable QUIC and TLS 1.3 in your certificate deployment settings. See the `Property Manager documentation` for more details.", + Type: schema.TypeBool, + }, + }, + }, + }, + "http_strict_transport_security": { + Optional: true, + Type: schema.TypeList, + Description: "Applies HTTP Strict Transport Security (HSTS), disallowing insecure HTTP traffic. Apply this to hostnames managed with Standard TLS or Enhanced TLS certificates. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable": { + Optional: true, + Description: "Applies HSTS to this set of requests.", + Type: schema.TypeBool, + }, + "max_age": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ZERO_MINS", "TEN_MINS", "ONE_DAY", "ONE_MONTH", "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR"}, false)), + Optional: true, + Description: "Specifies the duration for which to apply HSTS for new browser connections.", + Type: schema.TypeString, + }, + "include_sub_domains": { + Optional: true, + Description: "When enabled, applies HSTS to all subdomains.", + Type: schema.TypeBool, + }, + "preload": { + Optional: true, + Description: "When enabled, adds this domain to the browser's preload list. You still need to declare the domain at `hstspreload.org`.", + Type: schema.TypeBool, + }, + "redirect": { + Optional: true, + Description: "When enabled, redirects all HTTP requests to HTTPS.", + Type: schema.TypeBool, + }, + "redirect_status_code": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{301, 302})), + Optional: true, + Description: "Specifies a response code.", + Type: schema.TypeInt, + }, + }, + }, + }, + "http_to_https_upgrade": { + Optional: true, + Type: schema.TypeList, + Description: "Upgrades an HTTP edge request to HTTPS for the remainder of the request flow. Enable this behavior only if your origin supports HTTPS, and if your `origin` behavior is configured with `originCertsToHonor` to verify SSL certificates. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "upgrade": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "im_override": { + Optional: true, + Type: schema.TypeList, + Description: "This specifies common query parameters that affect how `imageManager` transforms images, potentially overriding policy, width, format, or density request parameters. This also allows you to assign the value of one of the property's `rule tree variables` to one of Image and Video Manager's own policy variables. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "override": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"POLICY", "POLICY_VARIABLE", "WIDTH", "FORMAT", "DPR", "EXCLUDE_QUERY"}, false)), + Optional: true, + Description: "Selects the type of query parameter you want to set.", + Type: schema.TypeString, + }, + "typesel": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"VALUE", "VARIABLE"}, false)), + Optional: true, + Description: "Specifies how to set a query parameter.", + Type: schema.TypeString, + }, + "formatvar": { + Optional: true, + Description: "This selects the variable with the name of the browser you want to optimize images for. The variable specifies the same type of data as the `format` option below.", + Type: schema.TypeString, + }, + "format": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CHROME", "IE", "SAFARI", "GENERIC", "AVIF_WEBP_JPEG_PNG_GIF", "JP2_WEBP_JPEG_PNG_GIF", "WEBP_JPEG_PNG_GIF", "JPEG_PNG_GIF"}, false)), + Optional: true, + Description: "Specifies the type of the browser, or the encodings passed in the `Accept` header, that you want to optimize images for.", + Type: schema.TypeString, + }, + "dprvar": { + Optional: true, + Description: "This selects the variable with the desired pixel density. The variable specifies the same type of data as the `dpr` option below.", + Type: schema.TypeString, + }, + "dpr": { + Optional: true, + Description: "Directly specifies the pixel density. The numeric value is a scaling factor of 1, representing normal density.", + Type: schema.TypeFloat, + }, + "widthvar": { + Optional: true, + Description: "Selects the variable with the desired width. If the Image and Video Manager policy doesn't define that width, it serves the next largest width.", + Type: schema.TypeString, + }, + "width": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Sets the image's desired pixel width directly. If the Image Manager policy doesn't define that width, it serves the next largest width.", + Type: schema.TypeFloat, + }, + "policyvar": { + Optional: true, + Description: "This selects the variable with the desired Image and Video Manager policy name to apply to image requests. If there is no policy by that name, Image and Video Manager serves the image unmodified.", + Type: schema.TypeString, + }, + "policy": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,32}$"), + Optional: true, + Description: "This selects the desired Image and Video Manager policy name directly. If there is no policy by that name, Image and Video Manager serves the image unmodified.", + Type: schema.TypeString, + }, + "policyvar_name": { + Optional: true, + Description: "This selects the name of one of the variables defined in an Image and Video Manager policy that you want to replace with the property's rule tree variable.", + Type: schema.TypeString, + }, + "policyvar_i_mvar": { + Optional: true, + Description: "This selects one of the property's rule tree variables to assign to the `policyvarName` variable within Image and Video Manager.", + Type: schema.TypeString, + }, + "exclude_all_query_parameters": { + Optional: true, + Description: "Whether to exclude all query parameters from the Image and Video Manager cache key.", + Type: schema.TypeBool, + }, + "excluded_query_parameters": { + Optional: true, + Description: "Specifies individual query parameters to exclude from the Image and Video Manager cache key.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "image_and_video_manager": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "policy_set_type": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "resize": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "apply_best_file_type": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "cp_code_original": { + Optional: true, + Description: "", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "cp_code_transformed": { + Optional: true, + Description: "", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "image_set": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]+([^-].|[^v])$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "video_set": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]+-v$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "image_manager": { + Optional: true, + Type: schema.TypeList, + Description: "Optimizes images' size or file type for the requesting device. You can also use this behavior to generate API tokens to apply your own policies to matching images using the `Image and Video Manager API`. To apply this behavior, you need to match on a `fileExtension`. Once you apply Image and Video Manager to traffic, you can add the `advancedImMatch` to ensure the behavior applies to the requests from the Image and Video Manager backend. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "settings_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enable image management capabilities and generate a corresponding API token.", + Type: schema.TypeBool, + }, + "resize": { + Optional: true, + Description: "Specify whether to scale down images to the maximum screen resolution, as determined by the rendering device's user agent. Note that enabling this may affect screen layout in unexpected ways.", + Type: schema.TypeBool, + }, + "apply_best_file_type": { + Optional: true, + Description: "Specify whether to convert images to the best file type for the requesting device, based on its user agent and the initial image file. This produces the smallest file size possible that retains image quality.", + Type: schema.TypeBool, + }, + "super_cache_region": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"US", "ASIA", "AUSTRALIA", "EMEA", "JAPAN", "CHINA"}, false)), + Optional: true, + Description: "Specifies a location for your site's heaviest traffic, for use in caching derivatives on edge servers.", + Type: schema.TypeString, + }, + "traffic_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "cp_code_original": { + Optional: true, + Description: "Assigns a CP code to track traffic and billing for original images that the Image and Video Manager has not modified. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "cp_code_transformed": { + Optional: true, + Description: "Assigns a separate CP code to track traffic and billing for derived images. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "api_reference_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "use_existing_policy_set": { + Optional: true, + Description: "Whether to use a previously created policy set that may be referenced in other properties, or create a new policy set to use with this property. A policy set can be shared across multiple properties belonging to the same contract. The behavior populates any changes to the policy set across all properties that reference that set.", + Type: schema.TypeBool, + }, + "policy_set": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]+([^-].|[^v])$"), + Optional: true, + Description: "Identifies the existing policy set configured with `Image and Video Manager API`.", + Type: schema.TypeString, + }, + "advanced": { + Optional: true, + Description: "Generates a custom `Image and Video Manager API` token to apply a corresponding policy to this set of images. The token consists of a descriptive label (the `policyToken`) concatenated with a property-specific identifier that's generated when you save the property. The API registers the token when you activate the property.", + Type: schema.TypeBool, + }, + "policy_token": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,64}$"), + Optional: true, + Description: "Assign a prefix label to help match the policy token to this set of images, limited to 32 alphanumeric or underscore characters. If you don't specify a label, `default` becomes the prefix.", + Type: schema.TypeString, + }, + "policy_token_default": { + Optional: true, + Description: "Specify the default policy identifier, which is registered with the `Image and Video Manager API` once you activate this property. The `advanced` option needs to be inactive.", + Type: schema.TypeString, + }, + }, + }, + }, + "image_manager_video": { + Optional: true, + Type: schema.TypeList, + Description: "Optimizes videos managed by Image and Video Manager for the requesting device. You can also use this behavior to generate API tokens to apply your own policies to matching videos using the `Image and Video Manager API`. To apply this behavior, you need to match on a `fileExtension`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "settings_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Applies Image and Video Manager's video optimization to the current content.", + Type: schema.TypeBool, + }, + "resize": { + Optional: true, + Description: "When enabled, scales down video for smaller mobile screens, based on the device's `User-Agent` header.", + Type: schema.TypeBool, + }, + "apply_best_file_type": { + Optional: true, + Description: "When enabled, automatically converts videos to the best file type for the requesting device. This produces the smallest file size that retains image quality, based on the user agent and the initial image file.", + Type: schema.TypeBool, + }, + "super_cache_region": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"US", "ASIA", "AUSTRALIA", "EMEA", "JAPAN", "CHINA"}, false)), + Optional: true, + Description: "To optimize caching, assign a region close to your site's heaviest traffic.", + Type: schema.TypeString, + }, + "traffic_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "cp_code_original": { + Optional: true, + Description: "Specifies the CP code for which to track Image and Video Manager video traffic. Use this along with `cpCodeTransformed` to track traffic to derivative video content. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "cp_code_transformed": { + Optional: true, + Description: "Specifies the CP code to identify derivative transformed video content. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "api_reference_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "use_existing_policy_set": { + Optional: true, + Description: "Whether to use a previously created policy set that may be referenced in other properties, or create a new policy set to use with this property. A policy set can be shared across multiple properties belonging to the same contract. The behavior populates any changes to the policy set across all properties that reference that set.", + Type: schema.TypeBool, + }, + "policy_set": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]+-v$"), + Optional: true, + Description: "Identifies the existing policy set configured with `Image and Video Manager API`.", + Type: schema.TypeString, + }, + "advanced": { + Optional: true, + Description: "When disabled, applies a single standard policy based on your property name. Allows you to reference a rule-specific `policyToken` for videos with different match criteria.", + Type: schema.TypeBool, + }, + "policy_token": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,64}$"), + Optional: true, + Description: "Specifies a custom policy defined in the Image and Video Manager Policy Manager or the `Image and Video Manager API`. The policy name can include up to 64 alphanumeric, dash, or underscore characters.", + Type: schema.TypeString, + }, + "policy_token_default": { + Optional: true, + Description: "Specifies the default policy identifier, which is registered with the `Image and Video Manager API` once you activate this property.", + Type: schema.TypeString, + }, + }, + }, + }, + "include": { + Optional: true, + Type: schema.TypeList, + Description: "Includes let you reuse chunks of a property configuration that you can manage separately from the rest of the property rule tree. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "id": { + Optional: true, + Description: "Identifies the include you want to add to your rule tree. You can get the include ID using `PAPI`. This option only accepts digits, without the `inc_` ID prefix.", + Type: schema.TypeString, + }, + }, + }, + }, + "instant": { + Optional: true, + Type: schema.TypeList, + Description: "The Instant feature allows you to prefetch content to the edge cache by adding link relation attributes to markup. For example: This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "prefetch_cacheable": { + Optional: true, + Description: "When enabled, applies prefetching only to objects already set to be cacheable, for example using the `caching` behavior. Only applies to content with the `tieredDistribution` behavior enabled.", + Type: schema.TypeBool, + }, + "prefetch_no_store": { + Optional: true, + Description: "Allows otherwise non-cacheable `no-store` content to prefetch if the URL path ends with `/` to indicate a request for a default file, or if the extension matches the value of the `prefetchNoStoreExtensions` option. Only applies to content with the `sureRoute` behavior enabled.", + Type: schema.TypeBool, + }, + "prefetch_no_store_extensions": { + Optional: true, + Description: "Specifies a set of file extensions for which the `prefetchNoStore` option is allowed.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "prefetch_html": { + Optional: true, + Description: "Allows edge servers to prefetch additional HTML pages while pages that link to them are being delivered. This only applies to links from `` or `` tags with the appropriate link relation attribute.", + Type: schema.TypeBool, + }, + "custom_link_relations": { + Optional: true, + Description: "Specify link relation values that activate the prefetching behavior. For example, specifying `fetch` allows you to use shorter `rel=\"fetch\"` markup.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "instant_config": { + Optional: true, + Type: schema.TypeList, + Description: "Multi-Domain Configuration, also known as `InstantConfig`, allows you to apply property settings to all incoming hostnames based on a DNS lookup, without explicitly listing them among the property's hostnames. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the InstantConfig behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "large_file_optimization": { + Optional: true, + Type: schema.TypeList, + Description: "The `Large File Optimization` (LFO) feature improves performance and reliability when delivering large files. You need this behavior for objects larger than 1.8GB, and you should apply it to anything over 100MB. You should apply it only to the specific content to be optimized, such as a download directory's `.gz` files, and enable the `useVersioning` option while enforcing your own filename versioning policy. Make sure you meet all the `requirements and best practices` for the LFO delivery. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the file optimization behavior.", + Type: schema.TypeBool, + }, + "enable_partial_object_caching": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"PARTIAL_OBJECT_CACHING", "NON_PARTIAL_OBJECT_CACHING"}, false)), + Optional: true, + Description: "Specifies whether to cache partial objects.", + Type: schema.TypeString, + }, + "minimum_size": { + ValidateDiagFunc: validateRegexOrVariable("^\\d+[K,M,G,T]B$"), + Optional: true, + Description: "Optimization only applies to files larger than this, expressed as a number suffixed with a unit string such as `MB` or `GB`.", + Type: schema.TypeString, + }, + "maximum_size": { + ValidateDiagFunc: validateRegexOrVariable("^\\d+[K,M,G,T]B$"), + Optional: true, + Description: "Optimization does not apply to files larger than this, expressed as a number suffixed with a unit string such as `MB` or `GB`. The size of a file can't be greater than 323 GB. If you need to optimize a larger file, contact Akamai Professional Services for help. This option is for internal usage only.", + Type: schema.TypeString, + }, + "use_versioning": { + Optional: true, + Description: "When `enablePartialObjectCaching` is set to `PARTIAL_OBJECT_CACHING`, enabling this option signals your intention to vary filenames by version, strongly recommended to avoid serving corrupt content when chunks come from different versions of the same file.", + Type: schema.TypeBool, + }, + }, + }, + }, + "large_file_optimization_advanced": { + Optional: true, + Type: schema.TypeList, + Description: "The `Large File Optimization` feature improves performance and reliability when delivering large files. You need this behavior for objects larger than 1.8GB, and it's recommended for anything over 100MB. You should apply it only to the specific content to be optimized, such as a download directory's `.gz` files. Note that it is best to use `NetStorage` for objects larger than 1.8GB. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the file optimization behavior.", + Type: schema.TypeBool, + }, + "object_size": { + ValidateDiagFunc: validateRegexOrVariable("^\\d+[K,M,G,T]B$"), + Optional: true, + Description: "Specifies the size of the file at which point to apply partial object (POC) caching. Append a numeric value with a `MB` or `GB` suffix.", + Type: schema.TypeString, + }, + "fragment_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HALF_MB", "ONE_MB", "TWO_MB", "FOUR_MB"}, false)), + Optional: true, + Description: "Specifies the size of each fragment used for partial object caching.", + Type: schema.TypeString, + }, + "prefetch_during_request": { + Optional: true, + Description: "The number of POC fragments to prefetch during the request.", + Type: schema.TypeInt, + }, + "prefetch_after_request": { + Optional: true, + Description: "The number of POC fragments to prefetch after the request.", + Type: schema.TypeInt, + }, + }, + }, + }, + "limit_bit_rate": { + Optional: true, + Type: schema.TypeList, + Description: "Control the rate at which content serves out to end users, optionally varying the speed depending on the file size or elapsed download time. Each bit rate specified in the `bitrateTable` array corresponds to a `thresholdTable` entry that activates it. You can use this behavior to prevent media downloads from progressing faster than they are viewed, for example, or to differentiate various tiers of end-user experience. To apply this behavior, you should match on a `contentType`, `path`, or `filename`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, activates the bit rate limiting behavior.", + Type: schema.TypeBool, + }, + "bitrate_table": { + Optional: true, + Description: "Specifies a download rate that corresponds to a `thresholdTable` entry. The bit rate appears as a two-member object consisting of a numeric `bitrateValue` and a `bitrateUnit` string, with allowed values of `Kbps`, `Mbps`, and `Gbps`.", + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "bitrate_value": { + Optional: true, + Description: "The numeric indicator of the download rate.", + Type: schema.TypeFloat, + }, + "bitrate_unit": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"KBPS", "MBPS", "GBPS"}, false)), + Optional: true, + Description: "The unit of measurement, either `KBPS`, `MBPS`, or `GBPS`.", + Type: schema.TypeString, + }, + }, + }, + }, + "threshold_table": { + Optional: true, + Description: "Specifies the minimum size of the file or the amount of elapsed download time before applying the bit rate limit from the corresponding `bitrateTable` entry. The threshold appears as a two-member object consisting of a numeric `thresholdValue` and `thresholdUnit` string, with allowed values of `SECONDS` or `BYTES`.", + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "threshold_value": { + Optional: true, + Description: "The numeric indicator of the minimum file size or elapsed download time.", + Type: schema.TypeInt, + }, + "threshold_unit": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"BYTES", "SECONDS"}, false)), + Optional: true, + Description: "The unit of measurement, either `SECONDS` of the elapsed download time, or `BYTES` of the file size.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "log_custom": { + Optional: true, + Type: schema.TypeList, + Description: "Logs custom details from the origin response in the `Log Delivery Service` report. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "log_custom_log_field": { + Optional: true, + Description: "Whether to append additional custom data to each log line.", + Type: schema.TypeBool, + }, + "custom_log_field": { + Optional: true, + Description: "Specifies an additional data field to append to each log line, maximum 1000 bytes, typically based on a dynamically generated built-in system variable. For example, `round-trip: {{builtin.AK_CLIENT_TURNAROUND_TIME}}ms` logs the total time to complete the response. See `Support for variables` for more information. Since this option can specify both a request and response, it overrides any `customLogField` settings in the `report` behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "m_pulse": { + Optional: true, + Type: schema.TypeList, + Description: "`mPulse` provides high-level performance analytics and predictive recommendations based on real end user data. See the `mPulse Quick Start` to set up mPulse on your website. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Applies performance monitoring to this behavior's set of content.", + Type: schema.TypeBool, + }, + "require_pci": { + Optional: true, + Description: "Suppresses gathering metrics for potentially sensitive end-user interactions. Enabling this omits data from some older browsers.", + Type: schema.TypeBool, + }, + "loader_version": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"V10", "V12", "LATEST", "BETA"}, false)), + Optional: true, + Description: "Specifies the version of the Boomerang JavaScript loader snippet. See `mPulse Loader Snippets` for more information.", + Type: schema.TypeString, + }, + "title_optional": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "api_key": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^$|^[a-zA-Z2-9]{5}-[a-zA-Z2-9]{5}-[a-zA-Z2-9]{5}-[a-zA-Z2-9]{5}-[a-zA-Z2-9]{5}$")), + Optional: true, + Description: "This generated value uniquely identifies sections of your website for you to analyze independently. To access this value, see `Enable mPulse in Property Manager`.", + Type: schema.TypeString, + }, + "buffer_size": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^(1[5-9][0-9]|1[0-9]{3}|[2-9][0-9]{2,3})$")), + Optional: true, + Description: "Allows you to override the browser's default (150) maximum number of reported performance timeline entries.", + Type: schema.TypeString, + }, + "config_override": { + Optional: true, + Description: "A JSON string representing a configuration object passed to the JavaScript library under which mPulse runs. It corresponds at run-time to the `window.BOOMR_config` object. For example, this turns on monitoring of Single Page App frameworks: `\"{\\\"history\\\": {\\\"enabled\\\": true, \\\"auto\\\": true}}\"`. See `Configuration Overrides` for more information.", + Type: schema.TypeString, + }, + }, + }, + }, + "manifest_personalization": { + Optional: true, + Type: schema.TypeList, + Description: "Allows customers who use the Adaptive Media Delivery product to enhance content based on the capabilities of each end user's device. This behavior configures a `manifest` for both HLS Live and on-demand streaming. For more information, see `Adaptive Media Delivery`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Manifest Personalization feature.", + Type: schema.TypeBool, + }, + "hls_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "hls_enabled": { + Optional: true, + Description: "Allows you to customize the HLS master manifest that's sent to the requesting client.", + Type: schema.TypeBool, + }, + "hls_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"BEST_PRACTICE", "CUSTOM"}, false)), + Optional: true, + Description: "Applies with `hlsEnabled` on.", + Type: schema.TypeString, + }, + "hls_preferred_bitrate": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^\\d+$")), + Optional: true, + Description: "Sets the preferred bit rate in Kbps. This causes the media playlist specified in the `#EXT-X-STREAM-INF` tag that most closely matches the value to list first. All other playlists maintain their current position in the manifest.", + Type: schema.TypeString, + }, + "hls_filter_in_bitrates": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^\\d+(,\\d+)*$")), + Optional: true, + Description: "Specifies a comma-delimited set of preferred bit rates, such as `100,200,400`. Playlists specified in the `#EXT-X-STREAM-INF` tag with bit rates outside of any of those values by up to 100 Kbps are excluded from the manifest.", + Type: schema.TypeString, + }, + "hls_filter_in_bitrate_ranges": { + Optional: true, + Description: "Specifies a comma-delimited set of bit rate ranges, such as `100-400,1000-4000`. Playlists specified in the `#EXT-X-STREAM-INF` tag with bit rates outside of any of those ranges are excluded from the manifest.", + Type: schema.TypeString, + }, + "hls_query_param_enabled": { + Optional: true, + Description: "Specifies query parameters for the HLS master manifest to customize the manifest's content. Any settings specified in the query string override those already configured in Property Manager.", + Type: schema.TypeBool, + }, + "hls_query_param_secret_key": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^(0x)?[0-9a-fA-F]{32}$")), + Optional: true, + Description: "Specifies a primary key as a token to accompany the request.", + Type: schema.TypeString, + }, + "hls_query_param_transition_key": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^(0x)?[0-9a-fA-F]{32}$")), + Optional: true, + Description: "Specifies a transition key as a token to accompany the request.", + Type: schema.TypeString, + }, + "hls_show_advanced": { + Optional: true, + Description: "Allows you to configure advanced settings.", + Type: schema.TypeBool, + }, + "hls_enable_debug_headers": { + Optional: true, + Description: "Includes additional `Akamai-Manifest-Personalization` and `Akamai-Manifest-Personalization-Config-Source` debugging headers.", + Type: schema.TypeBool, + }, + }, + }, + }, + "manifest_rerouting": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior works with `adScalerCircuitBreaker`. It delegates parts of the media delivery workflow, like ad insertion, to other technology partners. Akamai reroutes manifest file requests to partner platforms for processing prior to being delivered. Rerouting simplifies the workflow and improves the media streaming experience. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "partner": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"adobe_primetime"}, false)), + Optional: true, + Description: "Set this value to `adobe_primetime`, which is an external technology partner that provides value added offerings, like advertisement integration, to the requested media objects.", + Type: schema.TypeString, + }, + "username": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9A-Za-z!@.,;:'\"?-]{1,50}$"), + Optional: true, + Description: "The user name for your Adobe Primetime account.", + Type: schema.TypeString, + }, + }, + }, + }, + "manual_server_push": { + Optional: true, + Type: schema.TypeList, + Description: "With the `http2` behavior enabled, this loads a specified set of objects into the client browser's cache. To apply this behavior, you should match on a `path` or `filename`. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "serverpushlist": { + Optional: true, + Description: "Specifies the set of objects to load into the client browser's cache over HTTP2. Each value in the array represents a hostname and full path to the object, such as `www.example.com/js/site.js`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "media_acceleration": { + Optional: true, + Type: schema.TypeList, + Description: "Enables Accelerated Media Delivery for this set of requests. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables Media Acceleration.", + Type: schema.TypeBool, + }, + }, + }, + }, + "media_acceleration_quic_optout": { + Optional: true, + Type: schema.TypeList, + Description: "When enabled, disables use of QUIC protocol for this set of accelerated media content. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "optout": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "media_client": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables client-side download analytics.", + Type: schema.TypeBool, + }, + "beacon_id": { + Optional: true, + Description: "Specifies the ID of data source's beacon.", + Type: schema.TypeString, + }, + "use_hybrid_http_udp": { + Optional: true, + Description: "Enables the hybrid HTTP/UDP protocol.", + Type: schema.TypeBool, + }, + }, + }, + }, + "media_file_retrieval_optimization": { + Optional: true, + Type: schema.TypeList, + Description: "Media File Retrieval Optimization (MFRO) speeds the delivery of large media files by relying on caches of partial objects. You should use it for files larger than 100 MB. It's required for files larger than 1.8 GB, and works best with `NetStorage`. To apply this behavior, you should match on a `fileExtension`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the partial-object caching behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "media_origin_failover": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies how edge servers respond when the origin is unresponsive, or suffers from server or content errors. You can specify how many times to retry, switch to a backup origin hostname, or configure a redirect. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "detect_origin_unresponsive_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_origin_unresponsive": { + Optional: true, + Description: "Allows you to configure what happens when the origin is unresponsive.", + Type: schema.TypeBool, + }, + "origin_unresponsive_detection_level": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"AGGRESSIVE", "CONSERVATIVE", "MODERATE"}, false)), + Optional: true, + Description: "Specify the level of response to slow origin connections.", + Type: schema.TypeString, + }, + "origin_unresponsive_blacklist_origin_ip": { + Optional: true, + Description: "Enabling this blacklists the origin's IP address.", + Type: schema.TypeBool, + }, + "origin_unresponsive_blacklist_window": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"TEN_S", "THIRTY_S"}, false)), + Optional: true, + Description: "This sets the delay before blacklisting an IP address.", + Type: schema.TypeString, + }, + "origin_unresponsive_recovery": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RETRY_X_TIMES", "SWITCH_TO_BACKUP_ORIGIN", "REDIRECT_TO_DIFFERENT_ORIGIN_LOCATION"}, false)), + Optional: true, + Description: "This sets the recovery option.", + Type: schema.TypeString, + }, + "origin_unresponsive_retry_limit": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ONE", "TWO", "THREE"}, false)), + Optional: true, + Description: "Sets how many times to retry.", + Type: schema.TypeString, + }, + "origin_unresponsive_backup_host": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "This specifies the origin hostname.", + Type: schema.TypeString, + }, + "origin_unresponsive_alternate_host": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "This specifies the redirect's destination hostname.", + Type: schema.TypeString, + }, + "origin_unresponsive_modify_request_path": { + Optional: true, + Description: "Modifies the request path.", + Type: schema.TypeBool, + }, + "origin_unresponsive_modified_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "This specifies the path to form the new URL.", + Type: schema.TypeString, + }, + "origin_unresponsive_include_query_string": { + Optional: true, + Description: "Enabling this includes the original set of query parameters.", + Type: schema.TypeBool, + }, + "origin_unresponsive_redirect_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{301, 302})), + Optional: true, + Description: "Specifies the redirect response code.", + Type: schema.TypeInt, + }, + "origin_unresponsive_change_protocol": { + Optional: true, + Description: "This allows you to change the request protocol.", + Type: schema.TypeBool, + }, + "origin_unresponsive_protocol": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HTTP", "HTTPS"}, false)), + Optional: true, + Description: "Specifies which protocol to use.", + Type: schema.TypeString, + }, + "detect_origin_unavailable_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_origin_unavailable": { + Optional: true, + Description: "Allows you to configure failover settings when the origin server responds with errors.", + Type: schema.TypeBool, + }, + "origin_unavailable_detection_level": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RESPONSE_CODES"}, false)), + Optional: true, + Description: "Specify `RESPONSE_CODES`, the only available option.", + Type: schema.TypeString, + }, + "origin_unavailable_response_codes": { + Optional: true, + Description: "Specifies the set of response codes identifying when the origin responds with errors.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "origin_unavailable_blacklist_origin_ip": { + Optional: true, + Description: "Enabling this blacklists the origin's IP address.", + Type: schema.TypeBool, + }, + "origin_unavailable_blacklist_window": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"TEN_S", "THIRTY_S"}, false)), + Optional: true, + Description: "This sets the delay before blacklisting an IP address.", + Type: schema.TypeString, + }, + "origin_unavailable_recovery": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RETRY_X_TIMES", "SWITCH_TO_BACKUP_ORIGIN", "REDIRECT_TO_DIFFERENT_ORIGIN_LOCATION"}, false)), + Optional: true, + Description: "This sets the recovery option.", + Type: schema.TypeString, + }, + "origin_unavailable_retry_limit": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ONE", "TWO", "THREE"}, false)), + Optional: true, + Description: "Sets how many times to retry.", + Type: schema.TypeString, + }, + "origin_unavailable_backup_host": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "This specifies the origin hostname.", + Type: schema.TypeString, + }, + "origin_unavailable_alternate_host": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "This specifies the redirect's destination hostname.", + Type: schema.TypeString, + }, + "origin_unavailable_modify_request_path": { + Optional: true, + Description: "Modifies the request path.", + Type: schema.TypeBool, + }, + "origin_unavailable_modified_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "This specifies the path to form the new URL.", + Type: schema.TypeString, + }, + "origin_unavailable_include_query_string": { + Optional: true, + Description: "Enabling this includes the original set of query parameters.", + Type: schema.TypeBool, + }, + "origin_unavailable_redirect_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{301, 302})), + Optional: true, + Description: "Specifies either a redirect response code.", + Type: schema.TypeInt, + }, + "origin_unavailable_change_protocol": { + Optional: true, + Description: "Modifies the request protocol.", + Type: schema.TypeBool, + }, + "origin_unavailable_protocol": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HTTP", "HTTPS"}, false)), + Optional: true, + Description: "Specifies either the `HTTP` or `HTTPS` protocol.", + Type: schema.TypeString, + }, + "detect_object_unavailable_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "detect_object_unavailable": { + Optional: true, + Description: "Allows you to configure failover settings when the origin has content errors.", + Type: schema.TypeBool, + }, + "object_unavailable_detection_level": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RESPONSE_CODES"}, false)), + Optional: true, + Description: "Specify `RESPONSE_CODES`, the only available option.", + Type: schema.TypeString, + }, + "object_unavailable_response_codes": { + Optional: true, + Description: "Specifies the set of response codes identifying when there are content errors.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "object_unavailable_blacklist_origin_ip": { + Optional: true, + Description: "Enabling this blacklists the origin's IP address.", + Type: schema.TypeBool, + }, + "object_unavailable_blacklist_window": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"TEN_S", "THIRTY_S"}, false)), + Optional: true, + Description: "This sets the delay before blacklisting an IP address.", + Type: schema.TypeString, + }, + "object_unavailable_recovery": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RETRY_X_TIMES", "SWITCH_TO_BACKUP_ORIGIN", "REDIRECT_TO_DIFFERENT_ORIGIN_LOCATION"}, false)), + Optional: true, + Description: "This sets the recovery option.", + Type: schema.TypeString, + }, + "object_unavailable_retry_limit": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ONE", "TWO", "THREE"}, false)), + Optional: true, + Description: "Sets how many times to retry.", + Type: schema.TypeString, + }, + "object_unavailable_backup_host": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "This specifies the origin hostname.", + Type: schema.TypeString, + }, + "object_unavailable_alternate_host": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "This specifies the redirect's destination hostname.", + Type: schema.TypeString, + }, + "object_unavailable_modify_request_path": { + Optional: true, + Description: "Enabling this allows you to modify the request path.", + Type: schema.TypeBool, + }, + "object_unavailable_modified_path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "This specifies the path to form the new URL.", + Type: schema.TypeString, + }, + "object_unavailable_include_query_string": { + Optional: true, + Description: "Enabling this includes the original set of query parameters.", + Type: schema.TypeBool, + }, + "object_unavailable_redirect_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{301, 302})), + Optional: true, + Description: "Specifies a redirect response code.", + Type: schema.TypeInt, + }, + "object_unavailable_change_protocol": { + Optional: true, + Description: "Changes the request protocol.", + Type: schema.TypeBool, + }, + "object_unavailable_protocol": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HTTP", "HTTPS"}, false)), + Optional: true, + Description: "Specifies either the `HTTP` or `HTTPS` protocol.", + Type: schema.TypeString, + }, + "other_options": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "client_response_code": { + Optional: true, + Description: "Specifies the response code served to the client.", + Type: schema.TypeString, + }, + "cache_error_response": { + Optional: true, + Description: "When enabled, caches the error response.", + Type: schema.TypeBool, + }, + "cache_window": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ONE_S", "TEN_S", "THIRTY_S"}, false)), + Optional: true, + Description: "This sets error response's TTL.", + Type: schema.TypeString, + }, + }, + }, + }, + "metadata_caching": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior reduces time spent waiting for the initial response, also known as time to first byte, during peak traffic events. Contact Akamai Professional Services for help configuring it. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables metadata caching.", + Type: schema.TypeBool, + }, + }, + }, + }, + "mobile_sdk_performance": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Mobile App Performance SDK.", + Type: schema.TypeBool, + }, + "secondary_multipath_to_origin": { + Optional: true, + Description: "When enabled, sends secondary multi-path requests to the origin server.", + Type: schema.TypeBool, + }, + }, + }, + }, + "modify_incoming_request_header": { + Optional: true, + Type: schema.TypeList, + Description: "Modify, add, remove, or pass along specific request headers coming upstream from the client. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ADD", "DELETE", "MODIFY", "PASS"}, false)), + Optional: true, + Description: "Either `ADD`, `DELETE`, `MODIFY`, or `PASS` incoming HTTP request headers.", + Type: schema.TypeString, + }, + "standard_add_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ACCEPT_ENCODING", "ACCEPT_LANGUAGE", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `ADD`, this specifies the name of the field to add.", + Type: schema.TypeString, + }, + "standard_delete_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IF_MODIFIED_SINCE", "VIA", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `DELETE`, this specifies the name of the field to remove.", + Type: schema.TypeString, + }, + "standard_modify_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ACCEPT_ENCODING", "ACCEPT_LANGUAGE", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `MODIFY`, this specifies the name of the field to modify.", + Type: schema.TypeString, + }, + "standard_pass_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ACCEPT_ENCODING", "ACCEPT_LANGUAGE", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `PASS`, this specifies the name of the field to pass through.", + Type: schema.TypeString, + }, + "custom_header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies a custom field name that applies when the relevant `standard` header name is set to `OTHER`.", + Type: schema.TypeString, + }, + "header_value": { + Optional: true, + Description: "Specifies the new header value.", + Type: schema.TypeString, + }, + "new_header_value": { + Optional: true, + Description: "Supplies an HTTP header replacement value.", + Type: schema.TypeString, + }, + "avoid_duplicate_headers": { + Optional: true, + Description: "When enabled with the `action` set to `MODIFY`, prevents creation of more than one instance of a header.", + Type: schema.TypeBool, + }, + }, + }, + }, + "modify_incoming_response_header": { + Optional: true, + Type: schema.TypeList, + Description: "Modify, add, remove, or pass along specific response headers coming downstream from the origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ADD", "DELETE", "MODIFY", "PASS"}, false)), + Optional: true, + Description: "Either `ADD`, `DELETE`, `MODIFY`, or `PASS` incoming HTTP response headers.", + Type: schema.TypeString, + }, + "standard_add_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL", "CONTENT_TYPE", "EDGE_CONTROL", "EXPIRES", "LAST_MODIFIED", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `ADD`, this specifies the name of the field to add.", + Type: schema.TypeString, + }, + "standard_delete_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL", "CONTENT_TYPE", "VARY", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `DELETE`, this specifies the name of the field to remove.", + Type: schema.TypeString, + }, + "standard_modify_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL", "CONTENT_TYPE", "EDGE_CONTROL", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `MODIFY`, this specifies the name of the field to modify.", + Type: schema.TypeString, + }, + "standard_pass_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL", "EXPIRES", "PRAGMA", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `PASS`, this specifies the name of the field to pass through.", + Type: schema.TypeString, + }, + "custom_header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies a custom field name that applies when the relevant `standard` header name is set to `OTHER`.", + Type: schema.TypeString, + }, + "header_value": { + Optional: true, + Description: "Specifies the header's new value.", + Type: schema.TypeString, + }, + "new_header_value": { + Optional: true, + Description: "Specifies an HTTP header replacement value.", + Type: schema.TypeString, + }, + "avoid_duplicate_headers": { + Optional: true, + Description: "When enabled with the `action` set to `MODIFY`, prevents creation of more than one instance of a header.", + Type: schema.TypeBool, + }, + }, + }, + }, + "modify_outgoing_request_header": { + Optional: true, + Type: schema.TypeList, + Description: "Modify, add, remove, or pass along specific request headers going upstream towards the origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ADD", "DELETE", "MODIFY", "REGEX"}, false)), + Optional: true, + Description: "Either `ADD` or `DELETE` outgoing HTTP request headers, `MODIFY` their fixed values, or specify a `REGEX` pattern to transform them.", + Type: schema.TypeString, + }, + "standard_add_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"USER_AGENT", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `ADD`, this specifies the name of the field to add.", + Type: schema.TypeString, + }, + "standard_delete_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"PRAGMA", "USER_AGENT", "VIA", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `DELETE`, this specifies the name of the field to remove.", + Type: schema.TypeString, + }, + "standard_modify_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"USER_AGENT", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `MODIFY` or `REGEX`, this specifies the name of the field to modify.", + Type: schema.TypeString, + }, + "custom_header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies a custom field name that applies when the relevant `standard` header name is set to `OTHER`.", + Type: schema.TypeString, + }, + "header_value": { + Optional: true, + Description: "Specifies the new header value.", + Type: schema.TypeString, + }, + "new_header_value": { + Optional: true, + Description: "Specifies an HTTP header replacement value.", + Type: schema.TypeString, + }, + "regex_header_match": { + Optional: true, + Description: "Specifies a Perl-compatible regular expression to match within the header value.", + Type: schema.TypeString, + }, + "regex_header_replace": { + Optional: true, + Description: "Specifies text that replaces the `regexHeaderMatch` pattern within the header value.", + Type: schema.TypeString, + }, + "match_multiple": { + Optional: true, + Description: "When enabled with the `action` set to `REGEX`, replaces all occurrences of the matched regular expression, otherwise only the first match if disabled.", + Type: schema.TypeBool, + }, + "avoid_duplicate_headers": { + Optional: true, + Description: "When enabled with the `action` set to `MODIFY`, prevents creation of more than one instance of a header.", + Type: schema.TypeBool, + }, + }, + }, + }, + "modify_outgoing_response_header": { + Optional: true, + Type: schema.TypeList, + Description: "Modify, add, remove, or pass along specific response headers going downstream towards the client. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ADD", "DELETE", "MODIFY", "REGEX"}, false)), + Optional: true, + Description: "Either `ADD` or `DELETE` outgoing HTTP response headers, `MODIFY` their fixed values, or specify a `REGEX` pattern to transform them.", + Type: schema.TypeString, + }, + "standard_add_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL", "CONTENT_DISPOSITION", "CONTENT_TYPE", "EDGE_CONTROL", "P3P", "PRAGMA", "ACCESS_CONTROL_ALLOW_ORIGIN", "ACCESS_CONTROL_ALLOW_METHODS", "ACCESS_CONTROL_ALLOW_HEADERS", "ACCESS_CONTROL_EXPOSE_HEADERS", "ACCESS_CONTROL_ALLOW_CREDENTIALS", "ACCESS_CONTROL_MAX_AGE", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `ADD`, this specifies the name of the field to add.", + Type: schema.TypeString, + }, + "standard_delete_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL", "CONTENT_DISPOSITION", "CONTENT_TYPE", "EXPIRES", "P3P", "PRAGMA", "ACCESS_CONTROL_ALLOW_ORIGIN", "ACCESS_CONTROL_ALLOW_METHODS", "ACCESS_CONTROL_ALLOW_HEADERS", "ACCESS_CONTROL_EXPOSE_HEADERS", "ACCESS_CONTROL_ALLOW_CREDENTIALS", "ACCESS_CONTROL_MAX_AGE", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `DELETE`, this specifies the name of the field to remove.", + Type: schema.TypeString, + }, + "standard_modify_header_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CACHE_CONTROL", "CONTENT_DISPOSITION", "CONTENT_TYPE", "P3P", "PRAGMA", "ACCESS_CONTROL_ALLOW_ORIGIN", "ACCESS_CONTROL_ALLOW_METHODS", "ACCESS_CONTROL_ALLOW_HEADERS", "ACCESS_CONTROL_EXPOSE_HEADERS", "ACCESS_CONTROL_ALLOW_CREDENTIALS", "ACCESS_CONTROL_MAX_AGE", "OTHER"}, false)), + Optional: true, + Description: "If the value of `action` is `MODIFY` or `REGEX`, this specifies the name of the field to modify.", + Type: schema.TypeString, + }, + "custom_header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies a custom field name that applies when the relevant `standard` header name is set to `OTHER`.", + Type: schema.TypeString, + }, + "header_value": { + Optional: true, + Description: "Specifies the existing value of the header to match.", + Type: schema.TypeString, + }, + "new_header_value": { + Optional: true, + Description: "Specifies the new HTTP header replacement value.", + Type: schema.TypeString, + }, + "regex_header_match": { + Optional: true, + Description: "Specifies a Perl-compatible regular expression to match within the header value.", + Type: schema.TypeString, + }, + "regex_header_replace": { + Optional: true, + Description: "Specifies text that replaces the `regexHeaderMatch` pattern within the header value.", + Type: schema.TypeString, + }, + "match_multiple": { + Optional: true, + Description: "When enabled with the `action` set to `REGEX`, replaces all occurrences of the matched regular expression, otherwise only the first match if disabled.", + Type: schema.TypeBool, + }, + "avoid_duplicate_headers": { + Optional: true, + Description: "When enabled with the `action` set to `MODIFY`, prevents creation of more than one instance of a header. The last header clobbers others with the same name. This option affects the entire set of outgoing headers, and is not confined to the subset of regular expression matches.", + Type: schema.TypeBool, + }, + }, + }, + }, + "modify_via_header": { + Optional: true, + Type: schema.TypeList, + Description: "Removes or renames the HTTP `Via` headers used to inform the server of proxies through which the request was sent to the origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables `Via` header modifications.", + Type: schema.TypeBool, + }, + "modification_option": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"REMOVE_HEADER", "RENAME_HEADER"}, false)), + Optional: true, + Description: "Specify how you want to handle the header.", + Type: schema.TypeString, + }, + "rename_header_to": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies a new name to replace the existing `Via` header.", + Type: schema.TypeString, + }, + }, + }, + }, + "mtls_origin_keystore": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "client_certificate_version_guid": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "auth_client_cert": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + }, + }, + }, + "origin": { + Optional: true, + Type: schema.TypeList, + Description: "Specify the hostname and settings used to contact the origin once service begins. You can use your own origin, `NetStorage`, an Edge Load Balancing origin, or a SaaS dynamic origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "origin_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CUSTOMER", "NET_STORAGE", "MEDIA_SERVICE_LIVE", "EDGE_LOAD_BALANCING_ORIGIN_GROUP", "SAAS_DYNAMIC_ORIGIN"}, false)), + Optional: true, + Description: "Choose where your content is retrieved from.", + Type: schema.TypeString, + }, + "net_storage": { + Optional: true, + Description: "Specifies the details of the NetStorage server.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cp_code": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "download_domain_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "g2o_token": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "origin_id": { + Optional: true, + Description: "Identifies the Edge Load Balancing origin. This needs to correspond to an `edgeLoadBalancingOrigin` behavior's `id` attribute within the same property.", + Type: schema.TypeString, + }, + "hostname": { + Optional: true, + Description: "Specifies the hostname or IPv4 address of your origin server, from which edge servers can retrieve your content.", + Type: schema.TypeString, + }, + "second_hostname_enabled": { + Optional: true, + Description: "Available only for certain products. This specifies whether you want to use an additional origin server address.", + Type: schema.TypeBool, + }, + "second_hostname": { + Optional: true, + Description: "Specifies the origin server's hostname, IPv4 address, or IPv6 address. Edge servers retrieve your content from this origin server.", + Type: schema.TypeString, + }, + "mslorigin": { + Optional: true, + Description: "This specifies the media's origin server.", + Type: schema.TypeString, + }, + "saas_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HOSTNAME", "PATH", "QUERY_STRING", "COOKIE"}, false)), + Optional: true, + Description: "Specifies the part of the request that identifies this SaaS dynamic origin.", + Type: schema.TypeString, + }, + "saas_cname_enabled": { + Optional: true, + Description: "Enabling this allows you to use a `CNAME chain` to determine the hostname for this SaaS dynamic origin.", + Type: schema.TypeBool, + }, + "saas_cname_level": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies the desired number of hostnames to use in the `CNAME chain`, starting backwards from the edge server.", + Type: schema.TypeInt, + }, + "saas_cookie": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the name of the cookie that identifies this SaaS dynamic origin.", + Type: schema.TypeString, + }, + "saas_query_string": { + ValidateDiagFunc: validateRegexOrVariable("^[^:/?#\\[\\]@&]+$"), + Optional: true, + Description: "Specifies the name of the query parameter that identifies this SaaS dynamic origin.", + Type: schema.TypeString, + }, + "saas_regex": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9\\:\\[\\]\\{\\}\\(\\)\\.\\?_\\-\\*\\+\\^\\$\\\\\\/\\|&=!]{1,250})$"), + Optional: true, + Description: "Specifies the Perl-compatible regular expression match that identifies this SaaS dynamic origin.", + Type: schema.TypeString, + }, + "saas_replace": { + ValidateDiagFunc: validateRegexOrVariable("^(([a-zA-Z0-9]|\\$[1-9])(([a-zA-Z0-9\\._\\-]|\\$[1-9]){0,250}([a-zA-Z0-9]|\\$[1-9]))?){1,10}$"), + Optional: true, + Description: "Specifies replacement text for what `saasRegex` matches.", + Type: schema.TypeString, + }, + "saas_suffix": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})\\.(com|net|org|info|biz|us|co\\.uk|ac\\.uk|org\\.uk|me\\.uk|ca|eu|com\\.au|co|co\\.za|ru|es|me|tv|pro|in|ie|de|it|nl|fr|co\\.il|ch|se|co\\.nz|pl|jp|name|mobi|cc|ws|be|com\\.mx|at|nu|asia|co\\.nz|net\\.nz|org\\.nz|com\\.au|net\\.au|org\\.au|tools)$"), + Optional: true, + Description: "Specifies the static part of the SaaS dynamic origin.", + Type: schema.TypeString, + }, + "forward_host_header": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"REQUEST_HOST_HEADER", "ORIGIN_HOSTNAME", "CUSTOM"}, false)), + Optional: true, + Description: "When the `originType` is set to either `CUSTOMER` or `SAAS_DYNAMIC_ORIGIN`, this specifies which `Host` header to pass to the origin.", + Type: schema.TypeString, + }, + "custom_forward_host_header": { + Optional: true, + Description: "This specifies the name of the custom host header the edge server should pass to the origin.", + Type: schema.TypeString, + }, + "cache_key_hostname": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"REQUEST_HOST_HEADER", "ORIGIN_HOSTNAME"}, false)), + Optional: true, + Description: "Specifies the hostname to use when forming a cache key.", + Type: schema.TypeString, + }, + "ip_version": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IPV4", "DUALSTACK", "IPV6"}, false)), + Optional: true, + Description: "Specifies which IP version to use when getting content from the origin.", + Type: schema.TypeString, + }, + "use_unique_cache_key": { + Optional: true, + Description: "With a shared `hostname` such as provided by Amazon AWS, sets a unique cache key for your content.", + Type: schema.TypeBool, + }, + "compress": { + Optional: true, + Description: "Enables `gzip` compression for non-NetStorage origins.", + Type: schema.TypeBool, + }, + "enable_true_client_ip": { + Optional: true, + Description: "When enabled on non-NetStorage origins, allows you to send a custom header (the `trueClientIpHeader`) identifying the IP address of the immediate client connecting to the edge server. This may provide more useful information than the standard `X-Forward-For` header, which proxies may modify.", + Type: schema.TypeBool, + }, + "true_client_ip_header": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "This specifies the name of the field that identifies the end client's IP address, for example `True-Client-IP`.", + Type: schema.TypeString, + }, + "true_client_ip_client_setting": { + Optional: true, + Description: "If a client sets the `True-Client-IP` header, the edge server allows it and passes the value to the origin. Otherwise the edge server removes it and sets the value itself.", + Type: schema.TypeBool, + }, + "origin_certificate": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "verification_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"PLATFORM_SETTINGS", "CUSTOM", "THIRD_PARTY"}, false)), + Optional: true, + Description: "For non-NetStorage origins, maximize security by controlling which certificates edge servers should trust.", + Type: schema.TypeString, + }, + "origin_sni": { + Optional: true, + Description: "For non-NetStorage origins, enabling this adds a Server Name Indication (SNI) header in the SSL request sent to the origin, with the origin hostname as the value. See the `verification settings in the Origin Server behavior` or contact your Akamai representative for more information. If you want to use TLS version 1.3 in your existing properties, enable this option. New properties have this enabled by default.", + Type: schema.TypeBool, + }, + "custom_valid_cn_values": { + Optional: true, + Description: "Specifies values to look for in the origin certificate's `Subject Alternate Name` or `Common Name` fields. Specify `{{Origin Hostname}}` and `{{Forward Host Header}}` within the text in the order you want them to be evaluated. (Note that these two template items are not the same as in-line `variables`, which use the same curly-brace syntax.)", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "origin_certs_to_honor": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COMBO", "STANDARD_CERTIFICATE_AUTHORITIES", "CUSTOM_CERTIFICATE_AUTHORITIES", "CUSTOM_CERTIFICATES"}, false)), + Optional: true, + Description: "Specifies which certificate to trust.", + Type: schema.TypeString, + }, + "standard_certificate_authorities": { + Optional: true, + Description: "", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "custom_certificate_authorities": { + Optional: true, + Description: "Specifies an array of certification objects. See the `verification settings in the Origin Server behavior` or contact your Akamai representative for details on this object's requirements.", + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "subject_cn": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "subject_alternative_names": { + Optional: true, + Description: "", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "subject_rdns": { + Optional: true, + Description: "", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "c": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "ou": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "o": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "cn": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "issuer_rdns": { + Optional: true, + Description: "", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "c": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "ou": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "o": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "cn": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "not_before": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "not_after": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "sig_alg_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "public_key": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "public_key_algorithm": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "public_key_format": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "serial_number": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "version": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "sha1_fingerprint": { + ValidateDiagFunc: validateRegexOrVariable("^[a-f0-9]{40}$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "pem_encoded_cert": { + ValidateDiagFunc: validateRegexOrVariable("^-----BEGIN CERTIFICATE-----(.|\\s)*-----END CERTIFICATE-----\\s*$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "can_be_leaf": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "can_be_ca": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "self_signed": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + }, + }, + }, + "custom_certificates": { + Optional: true, + Description: "Specifies an array of certification objects. See the `verification settings in the Origin Server behavior` or contact your Akamai representative for details on this object's requirements.", + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "subject_cn": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "subject_alternative_names": { + Optional: true, + Description: "", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "subject_rdns": { + Optional: true, + Description: "", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "c": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "ou": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "o": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "cn": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "issuer_rdns": { + Optional: true, + Description: "", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "c": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "ou": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "o": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "cn": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "not_before": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "not_after": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "sig_alg_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "public_key": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "public_key_algorithm": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "public_key_format": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "serial_number": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "version": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "sha1_fingerprint": { + ValidateDiagFunc: validateRegexOrVariable("^[a-f0-9]{40}$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "pem_encoded_cert": { + ValidateDiagFunc: validateRegexOrVariable("^-----BEGIN CERTIFICATE-----(.|\\s)*-----END CERTIFICATE-----\\s*$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "can_be_leaf": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "can_be_ca": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "self_signed": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + }, + }, + }, + "ports": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "http_port": { + Optional: true, + Description: "Specifies the port on your origin server to which edge servers should connect for HTTP requests, customarily `80`.", + Type: schema.TypeInt, + }, + "https_port": { + Optional: true, + Description: "Specifies the port on your origin server to which edge servers should connect for secure HTTPS requests, customarily `443`. This option only applies if the property is marked as secure. See `Secure property requirements` for guidance.", + Type: schema.TypeInt, + }, + "tls_version_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "min_tls_version": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validation.ToDiagFunc(validation.StringInSlice([]string{"DYNAMIC", "TLSV1_1", "TLSV1_2", "TLSV1_3"}, false))), + Optional: true, + Description: "Specifies the minimum TLS version to use for connections to your origin server.", + Type: schema.TypeString, + }, + "max_tls_version": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DYNAMIC", "TLSV1_1", "TLSV1_2", "TLSV1_3"}, false)), + Optional: true, + Description: "Specifies the maximum TLS version to use for connections to your origin server. As best practice, use `DYNAMIC` to automatically apply the latest supported version.", + Type: schema.TypeString, + }, + }, + }, + }, + "origin_characteristics": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the origin. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "authentication_method_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "authentication_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"AUTOMATIC", "SIGNATURE_HEADER_AUTHENTICATION", "MSL_AUTHENTICATION", "AWS", "GCS_HMAC_AUTHENTICATION", "AWS_STS"}, false)), + Optional: true, + Description: "Specifies the authentication method.", + Type: schema.TypeString, + }, + "encoding_version": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{1, 2, 3, 4, 5})), + Optional: true, + Description: "Specifies the version of the encryption algorithm, an integer from `1` to `5`.", + Type: schema.TypeInt, + }, + "use_custom_sign_string": { + Optional: true, + Description: "Specifies whether to customize your signed string.", + Type: schema.TypeBool, + }, + "custom_sign_string": { + Optional: true, + Description: "Specifies the data to be encrypted as a series of enumerated variable names. See `Built-in system variables` for guidance on each.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "secret_key": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[0-9a-zA-Z]{24}$")), + Optional: true, + Description: "Specifies the shared secret key.", + Type: schema.TypeString, + }, + "nonce": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9a-zA-Z]{1,8}$"), + Optional: true, + Description: "Specifies the nonce.", + Type: schema.TypeString, + }, + "mslkey": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9a-zA-Z]{10,}$"), + Optional: true, + Description: "Specifies the access key provided by the hosting service.", + Type: schema.TypeString, + }, + "mslname": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9a-zA-Z]{1,8}$"), + Optional: true, + Description: "Specifies the origin name provided by the hosting service.", + Type: schema.TypeString, + }, + "access_key_encrypted_storage": { + Optional: true, + Description: "Enables secure use of access keys defined in Cloud Access Manager. Access keys store encrypted authentication details required to sign requests to cloud origins. If you disable this option, you'll need to store the authentication details unencrypted.", + Type: schema.TypeBool, + }, + "gcs_access_key_version_guid": { + Optional: true, + Description: "Identifies the unique `gcsAccessKeyVersionGuid` access key `created` in Cloud Access Manager to sign your requests to Google Cloud Storage in interoperability mode.", + Type: schema.TypeString, + }, + "gcs_hmac_key_access_id": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9]{1,128}$"), + Optional: true, + Description: "Specifies the active access ID linked to your Google account.", + Type: schema.TypeString, + }, + "gcs_hmac_key_secret": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9+/=_-]{1,40}$"), + Optional: true, + Description: "Specifies the secret linked to the access ID that you want to use to sign requests to Google Cloud Storage.", + Type: schema.TypeString, + }, + "aws_access_key_version_guid": { + Optional: true, + Description: "Identifies the unique `awsAccessKeyVersionGuid` access key `created` in Cloud Access Manager to sign your requests to AWS S3.", + Type: schema.TypeString, + }, + "aws_access_key_id": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9]{1,128}$"), + Optional: true, + Description: "Specifies active access key ID linked to your AWS account.", + Type: schema.TypeString, + }, + "aws_secret_access_key": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9+/=_-]{1,1024}$"), + Optional: true, + Description: "Specifies the secret linked to the access key identifier that you want to use to sign requests to AWS.", + Type: schema.TypeString, + }, + "aws_region": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9-]+$"), + Optional: true, + Description: "This specifies the AWS region code of the location where your bucket resides.", + Type: schema.TypeString, + }, + "aws_host": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^(([a-zA-Z0-9]([a-zA-Z0-9_\\-]*[a-zA-Z0-9])?)\\.)+([a-zA-Z]+|xn--[a-zA-Z0-9]+)$")), + Optional: true, + Description: "This specifies the AWS hostname, without `http://` or `https://` prefixes. If you leave this option empty, it inherits the hostname from the `origin` behavior.", + Type: schema.TypeString, + }, + "aws_service": { + Optional: true, + Description: "This specifies the subdomain of your AWS service. It precedes `amazonaws.com` or the region code in the AWS hostname. For example, `s3.amazonaws.com`.", + Type: schema.TypeString, + }, + "property_id_tag": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "hostname_tag": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "role_arn": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9][a-zA-Z0-9_\\+=,.@\\-:/]{0,2047}$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "aws_ar_region": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9][a-zA-Z0-9\\-]{0,63}$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "end_point_service": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[a-zA-Z0-9][a-zA-Z0-9\\-]{0,63}$")), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "origin_location_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "country": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"EUROPE", "NORTH_AMERICA", "LATIN_AMERICA", "SOUTH_AMERICA", "NORDICS", "ASIA_PACIFIC", "OTHER_AMERICAS", "OTHER_APJ", "OTHER_EMEA", "AUSTRALIA", "GERMANY", "INDIA", "ITALY", "JAPAN", "MEXICO", "TAIWAN", "UNITED_KINGDOM", "US_EAST", "US_CENTRAL", "US_WEST", "GLOBAL_MULTI_GEO", "OTHER", "UNKNOWN", "ADC"}, false)), + Optional: true, + Description: "Specifies the origin's geographic region.", + Type: schema.TypeString, + }, + "adc_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "direct_connect_geo": { + Optional: true, + Description: "Provides a region used by Akamai Direct Connection.", + Type: schema.TypeString, + }, + }, + }, + }, + "origin_characteristics_wsd": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies characteristics of the origin, for use in Akamai's Wholesale Delivery product. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "origintype": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"AZURE", "UNKNOWN"}, false)), + Optional: true, + Description: "Specifies an origin type.", + Type: schema.TypeString, + }, + }, + }, + }, + "origin_failure_recovery_method": { + Optional: true, + Type: schema.TypeList, + Description: "Origin Failover requires that you set up a separate rule containing origin failure recovery methods. You also need to set up the Origin Failure Recovery Policy behavior in a separate rule with a desired match criteria, and select the desired failover method. You can do this using Property Manager. Learn more about this process in `Adaptive Media Delivery Implementation Guide`. You can use the `originFailureRecoveryPolicy` member to edit existing instances of the Origin Failure Recover Policy behavior. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "recovery_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"RETRY_ALTERNATE_ORIGIN", "RESPOND_CUSTOM_STATUS"}, false)), + Optional: true, + Description: "Specifies the recovery method.", + Type: schema.TypeString, + }, + "custom_status_code": { + Optional: true, + Description: "Specifies the custom status code to be sent to the client.", + Type: schema.TypeString, + }, + }, + }, + }, + "origin_failure_recovery_policy": { + Optional: true, + Type: schema.TypeList, + Description: "Configures how to detect an origin failure, in which case the `originFailureRecoveryMethod` behavior applies. You can also define up to three sets of criteria to detect origin failure based on specific response codes. Use it to apply specific retry or recovery actions. You can do this using Property Manager. Learn more about this process in `Adaptive Media Delivery Implementation Guide`. You can use the `originFailureRecoveryMethod` member to edit existing instances of the Origin Failure Recover Method behavior. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Activates and configures a recovery policy.", + Type: schema.TypeBool, + }, + "tuning_parameters": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_ip_avoidance": { + Optional: true, + Description: "Temporarily blocks an origin IP address that experienced a certain number of failures. When an IP address is blocked, the `configName` established for `originResponsivenessRecoveryConfigName` is applied.", + Type: schema.TypeBool, + }, + "ip_avoidance_error_threshold": { + Optional: true, + Description: "Defines the number of failures that need to occur to an origin address before it's blocked.", + Type: schema.TypeInt, + }, + "ip_avoidance_retry_interval": { + Optional: true, + Description: "Defines the number of seconds after which the IP address is removed from the blocklist.", + Type: schema.TypeInt, + }, + "binary_equivalent_content": { + Optional: true, + Description: "Synchronizes content between the primary and backup origins, byte for byte.", + Type: schema.TypeBool, + }, + "origin_responsiveness_monitoring": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "monitor_origin_responsiveness": { + Optional: true, + Description: "Enables continuous monitoring of connectivity to the origin. If necessary, applies retry or recovery actions.", + Type: schema.TypeBool, + }, + "origin_responsiveness_timeout": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"AGGRESSIVE", "MODERATE", "CONSERVATIVE", "USER_SPECIFIED"}, false)), + Optional: true, + Description: "The timeout threshold that triggers a retry or recovery action.", + Type: schema.TypeString, + }, + "origin_responsiveness_custom_timeout": { + Optional: true, + Description: "Specify a custom timeout, from 1 to 10 seconds.", + Type: schema.TypeInt, + }, + "origin_responsiveness_enable_retry": { + Optional: true, + Description: "If a specific failure condition applies, attempts a retry on the same origin before executing the recovery method.", + Type: schema.TypeBool, + }, + "origin_responsiveness_enable_recovery": { + Optional: true, + Description: "Enables a recovery action for a specific failure condition.", + Type: schema.TypeBool, + }, + "origin_responsiveness_recovery_config_name": { + Optional: true, + Description: "Specifies a recovery configuration using the `configName` you defined in the `recoveryConfig` match criteria. Specify 3 to 20 alphanumeric characters or dashes. Ensure that you use the `recoveryConfig` match criteria to apply this option.", + Type: schema.TypeString, + }, + "status_code_monitoring1": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "monitor_status_codes1": { + Optional: true, + Description: "Enables continuous monitoring for the specific origin status codes that trigger retry or recovery actions.", + Type: schema.TypeBool, + }, + "monitor_response_codes1": { + Optional: true, + Description: "Defines the origin response codes that trigger a subsequent retry or recovery action. Specify a single code entry (`501`) or a range (`501:504`). If you configure other `monitorStatusCodes*` and `monitorResponseCodes*` options, you can't use the same codes here.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "monitor_status_codes1_enable_retry": { + Optional: true, + Description: "When the defined response codes apply, attempts a retry on the same origin before executing the recovery method.", + Type: schema.TypeBool, + }, + "monitor_status_codes1_enable_recovery": { + Optional: true, + Description: "Enables the recovery action for the response codes you define.", + Type: schema.TypeBool, + }, + "monitor_status_codes1_recovery_config_name": { + Optional: true, + Description: "Specifies a recovery configuration using the `configName` you defined in the `recoveryConfig` match criteria. Specify 3 to 20 alphanumeric characters or dashes. Ensure that you use the `recoveryConfig` match criteria to apply this option.", + Type: schema.TypeString, + }, + "status_code_monitoring2": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "monitor_status_codes2": { + Optional: true, + Description: "Enables continuous monitoring for the specific origin status codes that trigger retry or recovery actions.", + Type: schema.TypeBool, + }, + "monitor_response_codes2": { + Optional: true, + Description: "Defines the origin response codes that trigger a subsequent retry or recovery action. Specify a single code entry (`501`) or a range (`501:504`). If you configure other `monitorStatusCodes*` and `monitorResponseCodes*` options, you can't use the same codes here.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "monitor_status_codes2_enable_retry": { + Optional: true, + Description: "When the defined response codes apply, attempts a retry on the same origin before executing the recovery method.", + Type: schema.TypeBool, + }, + "monitor_status_codes2_enable_recovery": { + Optional: true, + Description: "Enables the recovery action for the response codes you define.", + Type: schema.TypeBool, + }, + "monitor_status_codes2_recovery_config_name": { + Optional: true, + Description: "Specifies a recovery configuration using the `configName` you defined in the `recoveryConfig` match criteria. Specify 3 to 20 alphanumeric characters or dashes. Ensure that you use the `recoveryConfig` match criteria to apply this option.", + Type: schema.TypeString, + }, + "status_code_monitoring3": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "monitor_status_codes3": { + Optional: true, + Description: "Enables continuous monitoring for the specific origin status codes that trigger retry or recovery actions.", + Type: schema.TypeBool, + }, + "monitor_response_codes3": { + Optional: true, + Description: "Defines the origin response codes that trigger a subsequent retry or recovery action. Specify a single code entry (`501`) or a range (`501:504`). If you configure other `monitorStatusCodes*` and `monitorResponseCodes*` options, you can't use the same codes here..", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "monitor_status_codes3_enable_retry": { + Optional: true, + Description: "When the defined response codes apply, attempts a retry on the same origin before executing the recovery method.", + Type: schema.TypeBool, + }, + "monitor_status_codes3_enable_recovery": { + Optional: true, + Description: "Enables the recovery action for the response codes you define.", + Type: schema.TypeBool, + }, + "monitor_status_codes3_recovery_config_name": { + Optional: true, + Description: "Specifies a recovery configuration using the `configName` you defined in the `recoveryConfig` match criteria. Specify 3 to 20 alphanumeric characters or dashes. Ensure that you use the `recoveryConfig` match criteria to apply this option.", + Type: schema.TypeString, + }, + }, + }, + }, + "origin_ip_acl": { + Optional: true, + Type: schema.TypeList, + Description: "Origin IP Access Control List limits the traffic to your origin. It only allows requests from specific edge servers that are configured as part of a supernet defined by CIDR blocks. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable": { + Optional: true, + Description: "Enables the Origin IP Access Control List behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "permissions_policy": { + Optional: true, + Type: schema.TypeList, + Description: "Manages whether your page and its embedded iframes can access various browser features that affect end-user privacy, security, and performance. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "permissions_policy_directive": { + Optional: true, + Description: "Each directive represents a browser feature. Specify the ones you want enabled in a client browser that accesses your content. You can add custom entries or provide pre-set values from the list. For more details on each value, see the `guide section` for this behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "allow_list": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*:%\\[\\]@.\\s]+$"), + Optional: true, + Description: "The features you've set in `permissionsPolicyDirective` are enabled for domains you specify here. They'll remain disabled for all other domains. Separate multiple domains with a single space. To block the specified directives from all domains, set this to `none`. This generates an empty value in the `Permissions-Policy` header.", + Type: schema.TypeString, + }, + }, + }, + }, + "persistent_client_connection": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior activates `persistent connections` between edge servers and clients, which allow for better performance and more efficient use of resources. Compare with the `persistentConnection` behavior, which configures persistent connections for the entire journey from origin to edge to client. Contact Akamai Professional Services for help configuring either. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the persistent connections behavior.", + Type: schema.TypeBool, + }, + "timeout": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the timeout period after which edge server closes the persistent connection with the client, 500 seconds by default.", + Type: schema.TypeString, + }, + }, + }, + }, + "persistent_connection": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior enables more efficient `persistent connections` from origin to edge server to client. Compare with the `persistentClientConnection` behavior, which customizes persistent connections from edge to client. Contact Akamai Professional Services for help configuring either. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables persistent connections.", + Type: schema.TypeBool, + }, + "timeout": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the timeout period after which edge server closes a persistent connection.", + Type: schema.TypeString, + }, + }, + }, + }, + "personally_identifiable_information": { + Optional: true, + Type: schema.TypeList, + Description: "Marks content covered by the current rule as sensitive `personally identifiable information` that needs to be treated as secure and private. That includes anything involving personal information: name, social security number, date and place of birth, mother's maiden name, biometric data, or any other data linked to an individual. If you attempt to save a property with such a rule that also caches or logs sensitive content, the added behavior results in a validation error. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, marks content as personally identifiable information (PII).", + Type: schema.TypeBool, + }, + }, + }, + }, + "phased_release": { + Optional: true, + Type: schema.TypeList, + Description: "The Phased Release Cloudlet provides gradual and granular traffic management to an alternate origin in near real time. Use the `Cloudlets API` or the Cloudlets Policy Manager application within `Control Center` to set up your Cloudlets policies. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Phased Release Cloudlet.", + Type: schema.TypeBool, + }, + "is_shared_policy": { + Optional: true, + Description: "Whether you want to apply the Cloudlet shared policy to an unlimited number of properties within your account. Learn more about shared policies and how to create them in `Cloudlets Policy Manager`.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Specifies the Cloudlet policy as an object.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "Identifies the Cloudlet shared policy to use with this behavior. Use the `Cloudlets API` to list available shared policies.", + Type: schema.TypeInt, + }, + "label": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "A label to distinguish this Phased Release policy from any others within the same property.", + Type: schema.TypeString, + }, + "population_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "population_cookie_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NONE", "NEVER", "ON_BROWSER_CLOSE", "FIXED_DATE", "DURATION"}, false)), + Optional: true, + Description: "Select when to assign a cookie to the population of users the Cloudlet defines. If you select the Cloudlet's `random` membership option, it overrides this option's value so that it is effectively `NONE`.", + Type: schema.TypeString, + }, + "population_expiration_date": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies the date and time when membership expires, and the browser no longer sends the cookie. Subsequent requests re-evaluate based on current membership settings.", + Type: schema.TypeString, + }, + "population_duration": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Sets the lifetime of the cookie from the initial request. Subsequent requests re-evaluate based on current membership settings.", + Type: schema.TypeString, + }, + "population_refresh": { + Optional: true, + Description: "Enabling this option resets the original duration of the cookie if the browser refreshes before the cookie expires.", + Type: schema.TypeBool, + }, + "failover_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "failover_enabled": { + Optional: true, + Description: "Allows failure responses at the origin defined by the Cloudlet to fail over to the prevailing origin defined by the property.", + Type: schema.TypeBool, + }, + "failover_response_code": { + Optional: true, + Description: "Defines the set of failure codes that initiate the failover response.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "failover_duration": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 300)), + Optional: true, + Description: "Specifies the number of seconds to wait until the client tries to access the failover origin after the initial failure is detected. Set the value to `0` to immediately request the alternate origin upon failure.", + Type: schema.TypeInt, + }, + }, + }, + }, + "preconnect": { + Optional: true, + Type: schema.TypeList, + Description: "With the `http2` behavior enabled, this requests a specified set of domains that relate to your property hostname, and keeps the connection open for faster loading of content from those domains. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "preconnectlist": { + Optional: true, + Description: "Specifies the set of hostnames to which to preconnect over HTTP2.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "predictive_content_delivery": { + Optional: true, + Type: schema.TypeList, + Description: "Improves user experience and reduces the cost of downloads by enabling mobile devices to predictively fetch and cache content from catalogs managed by Akamai servers. You can't use this feature if in the `segmentedMediaOptimization` behavior, the value for `behavior` is set to `LIVE`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the predictive content delivery behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "predictive_prefetching": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior potentially reduces the client's page load time by pre-caching objects based on historical data for the page, not just its current set of referenced objects. It also detects second-level dependencies, such as objects retrieved by JavaScript. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the predictive prefetching behavior.", + Type: schema.TypeBool, + }, + "accuracy_target": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LOW", "MEDIUM", "HIGH"}, false)), + Optional: true, + Description: "The level of prefetching. A higher level results in better client performance, but potentially greater load on the origin.", + Type: schema.TypeString, + }, + }, + }, + }, + "prefetch": { + Optional: true, + Type: schema.TypeList, + Description: "Instructs edge servers to retrieve content linked from requested pages as they load, rather than waiting for separate requests for the linked content. This behavior applies depending on the rule's set of matching conditions. Use in conjunction with the `prefetchable` behavior, which specifies the set of objects to prefetch. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Applies prefetching behavior when enabled.", + Type: schema.TypeBool, + }, + }, + }, + }, + "prefetchable": { + Optional: true, + Type: schema.TypeList, + Description: "Allow matching objects to prefetch into the edge cache as the parent page that links to them loads, rather than waiting for a direct request. This behavior applies depending on the rule's set of matching conditions. Use `prefetch` to enable the overall behavior for parent pages that contain links to the object. To apply this behavior, you need to match on a `filename` or `fileExtension`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows matching content to prefetch when referenced on a requested parent page.", + Type: schema.TypeBool, + }, + }, + }, + }, + "prefresh_cache": { + Optional: true, + Type: schema.TypeList, + Description: "Refresh cached content before its time-to-live (TTL) expires, to keep end users from having to wait for the origin to provide fresh content. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the cache prefreshing behavior.", + Type: schema.TypeBool, + }, + "prefreshval": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 99)), + Optional: true, + Description: "Specifies when the prefresh occurs as a percentage of the TTL. For example, for an object whose cache has 10 minutes left to live, and an origin response that is routinely less than 30 seconds, a percentage of `95` prefreshes the content without unnecessarily increasing load on the origin.", + Type: schema.TypeInt, + }, + }, + }, + }, + "quality": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "origin_settings": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "country": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"EUROPE", "NORTH_AMERICA", "LATIN_AMERICA", "SOUTH_AMERICA", "NORDICS", "ASIA_PACIFIC", "OTHER_AMERICAS", "OTHER_APJ", "OTHER_EMEA", "AUSTRALIA", "GERMANY", "INDIA", "ITALY", "JAPAN", "MEXICO", "TAIWAN", "UNITED_KINGDOM", "US_EAST", "US_CENTRAL", "US_WEST"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "audience_settings": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "end_user_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"GLOBAL", "GLOBAL_US_CENTRIC", "GLOBAL_EU_CENTRIC", "GLOBAL_ASIA_CENTRIC", "EUROPE", "NORTH_AMERICA", "SOUTH_AMERICA", "NORDICS", "ASIA_PACIFIC", "AUSTRALIA", "GERMANY", "INDIA", "ITALY", "JAPAN", "TAIWAN", "UNITED_KINGDOM"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "maximum_concurrent_users": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NONE", "LESS_THAN_10K", "10K_TO_50K", "50K_TO_100K", "GREATER_THAN_100K"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "content_settings": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "content_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NONE", "SITE", "IMAGES", "CONFIG", "OTHERS", "AUDIO", "SD_VIDEO", "HD_VIDEO", "SUPER_HD_VIDEO", "LARGE_OBJECTS"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "object_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"LESS_THAN_1MB", "1_TO_10MB", "10_TO_100MB", "GREATER_THAN_100MB"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "download_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"FOREGROUND", "BACKGROUND"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "popularity_distribution": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"TYPICAL", "LONG_TAIL", "ALL_POPULAR", "ALL_UNPOPULAR"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "delivery_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ON_DEMAND", "LIVE"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "delivery_format": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DASH", "HDS", "HLS", "SILVER_LIGHT", "OTHER"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "segment_duration": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{2, 4, 6, 8, 10})), + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "catalog_size": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SMALL", "MEDIUM", "LARGE", "EXTRA_LARGE"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "refresh_rate": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NONE", "HOURLY", "DAILY", "MONTHLY", "YEARLY"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "optimize_for": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NONE", "ORIGIN", "STARTUP"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "quic_beta": { + Optional: true, + Type: schema.TypeList, + Description: "For a share of responses, includes an `Alt-Svc` header for compatible clients to initiate subsequent sessions using the QUIC protocol. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables QUIC support.", + Type: schema.TypeBool, + }, + "quic_offer_percentage": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(1, 50)), + Optional: true, + Description: "The percentage of responses for which to allow QUIC sessions.", + Type: schema.TypeInt, + }, + }, + }, + }, + "random_seek": { + Optional: true, + Type: schema.TypeList, + Description: "Optimizes `.flv` and `.mp4` files to allow random jump-point navigation. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "flv": { + Optional: true, + Description: "Enables random seek optimization in FLV files.", + Type: schema.TypeBool, + }, + "mp4": { + Optional: true, + Description: "Enables random seek optimization in MP4 files.", + Type: schema.TypeBool, + }, + "maximum_size": { + ValidateDiagFunc: validateRegexOrVariable("^\\d+[K,M,G,T]B$"), + Optional: true, + Description: "Sets the maximum size of the MP4 file to optimize, expressed as a number suffixed with a unit string such as `MB` or `GB`.", + Type: schema.TypeString, + }, + }, + }, + }, + "rapid": { + Optional: true, + Type: schema.TypeList, + Description: "The `Akamai API Gateway` allows you to configure API traffic delivered over the Akamai network. Apply this behavior to a set of API assets, then use Akamai's `API Endpoints API` to configure how the traffic responds. Use the `API Keys and Traffic Management API` to control access to your APIs. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables API Gateway for the current set of content.", + Type: schema.TypeBool, + }, + }, + }, + }, + "read_timeout": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior specifies how long the edge server should wait for a response from the requesting forward server after a connection has already been established. Any failure to read aborts the request and sends a `504` Gateway Timeout error to the client. Contact Akamai Professional Services for help configuring this behavior. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the read timeout necessary before failing with a `504` error. This value should never be zero.", + Type: schema.TypeString, + }, + "first_byte_timeout": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "real_time_reporting": { + Optional: true, + Type: schema.TypeList, + Description: "This enables Real-Time Reporting for Akamai `Cloud Embed` customers. The behavior can only be configured on your behalf by Akamai Professional Services. You can access real-time reports data for that base configuration with `Media Delivery Reports API`. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables reports on delivery of cloud hosted content at near real-time latencies.", + Type: schema.TypeBool, + }, + "advanced": { + Optional: true, + Description: "Enables advanced options.", + Type: schema.TypeBool, + }, + "beacon_sampling_percentage": { + Optional: true, + Description: "Specifies the percentage for sampling.", + Type: schema.TypeFloat, + }, + }, + }, + }, + "real_user_monitoring": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, activates real-use monitoring.", + Type: schema.TypeBool, + }, + }, + }, + }, + "redirect": { + Optional: true, + Type: schema.TypeList, + Description: "Respond to the client request with a redirect without contacting the origin. Specify the redirect as a path expression starting with a `/` character relative to the current root, or as a fully qualified URL. This behavior relies primarily on `destinationHostname` and `destinationPath` to manipulate the hostname and path independently. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "mobile_default_choice": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DEFAULT", "MOBILE"}, false)), + Optional: true, + Description: "Either specify a default response for mobile browsers, or customize your own.", + Type: schema.TypeString, + }, + "destination_protocol": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SAME_AS_REQUEST", "HTTP", "HTTPS"}, false)), + Optional: true, + Description: "Choose the protocol for the redirect URL.", + Type: schema.TypeString, + }, + "destination_hostname": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SAME_AS_REQUEST", "SUBDOMAIN", "SIBLING", "OTHER"}, false)), + Optional: true, + Description: "Specify how to change the requested hostname, independently from the pathname.", + Type: schema.TypeString, + }, + "destination_hostname_subdomain": { + Optional: true, + Description: "Specifies a subdomain to prepend to the current hostname. For example, a value of `m` changes `www.example.com` to `m.www.example.com`.", + Type: schema.TypeString, + }, + "destination_hostname_sibling": { + Optional: true, + Description: "Specifies the subdomain with which to replace to the current hostname's leftmost subdomain. For example, a value of `m` changes `www.example.com` to `m.example.com`.", + Type: schema.TypeString, + }, + "destination_hostname_other": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "Specifies the full hostname with which to replace the current hostname.", + Type: schema.TypeString, + }, + "destination_path": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SAME_AS_REQUEST", "PREFIX_REQUEST", "OTHER"}, false)), + Optional: true, + Description: "Specify how to change the requested pathname, independently from the hostname.", + Type: schema.TypeString, + }, + "destination_path_prefix": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "When `destinationPath` is set to `PREFIX_REQUEST`, this prepends the current path. For example, a value of `/prefix/path` changes `/example/index.html` to `/prefix/path/example/index.html`.", + Type: schema.TypeString, + }, + "destination_path_suffix_status": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NO_SUFFIX", "SUFFIX"}, false)), + Optional: true, + Description: "When `destinationPath` is set to `PREFIX_REQUEST`, this gives you the option of adding a suffix.", + Type: schema.TypeString, + }, + "destination_path_suffix": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9\\[\\]/?#!=&_\\-\\.]+$"), + Optional: true, + Description: "When `destinationPath` is set to `PREFIX_REQUEST` and `destinationPathSuffixStatus` is set to `SUFFIX`, this specifies the suffix to append to the path.", + Type: schema.TypeString, + }, + "destination_path_other": { + ValidateDiagFunc: validateRegexOrVariable("^/"), + Optional: true, + Description: "When `destinationPath` is set to `PREFIX_REQUEST`, this replaces the current path.", + Type: schema.TypeString, + }, + "query_string": { + Optional: true, + Description: "When set to `APPEND`, passes incoming query string parameters as part of the redirect URL. Otherwise set this to `IGNORE`.", + Type: schema.TypeString, + }, + "response_code": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{301, 302, 303, 307})), + Optional: true, + Description: "Specify the redirect's response code.", + Type: schema.TypeInt, + }, + }, + }, + }, + "redirectplus": { + Optional: true, + Type: schema.TypeList, + Description: "Respond to the client request with a redirect without contacting the origin. This behavior fills the same need as `redirect`, but allows you to use `variables` to express the redirect `destination`'s component values more concisely. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the redirect feature.", + Type: schema.TypeBool, + }, + "destination": { + Optional: true, + Description: "Specifies the redirect as a path expression starting with a `/` character relative to the current root, or as a fully qualified URL. Optionally inject variables, as in this example that refers to the original request's filename: `/path/to/{{builtin.AK_FILENAME}}`.", + Type: schema.TypeString, + }, + "response_code": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{301, 302, 303, 307})), + Optional: true, + Description: "Assigns the status code for the redirect response.", + Type: schema.TypeInt, + }, + }, + }, + }, + "referer_checking": { + Optional: true, + Type: schema.TypeList, + Description: "Limits allowed requests to a set of domains you specify. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the referer-checking behavior.", + Type: schema.TypeBool, + }, + "strict": { + Optional: true, + Description: "When enabled, excludes requests whose `Referer` header include a relative path, or that are missing a `Referer`. When disabled, only excludes requests whose `Referer` hostname is not part of the `domains` set.", + Type: schema.TypeBool, + }, + "domains": { + Optional: true, + Description: "Specifies the set of allowed domains. With `allowChildren` disabled, prefixing values with `*.` specifies domains for which subdomains are allowed.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "allow_children": { + Optional: true, + Description: "Allows all subdomains for the `domains` set, just like adding a `*.` prefix to each.", + Type: schema.TypeBool, + }, + }, + }, + }, + "remove_query_parameter": { + Optional: true, + Type: schema.TypeList, + Description: "Remove named query parameters before forwarding the request to the origin. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "parameters": { + Optional: true, + Description: "Specifies parameters to remove from the request.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "remove_vary": { + Optional: true, + Type: schema.TypeList, + Description: "By default, responses that feature a `Vary` header value of anything other than `Accept-Encoding` and a corresponding `Content-Encoding: gzip` header aren't cached on edge servers. `Vary` headers indicate when a URL's content varies depending on some variable, such as which `User-Agent` requests it. This behavior simply removes the `Vary` header to make responses cacheable. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, removes the `Vary` header to ensure objects can be cached.", + Type: schema.TypeBool, + }, + }, + }, + }, + "report": { + Optional: true, + Type: schema.TypeList, + Description: "Specify the HTTP request headers or cookie names to log in your Log Delivery Service reports. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "log_host": { + Optional: true, + Description: "Log the `Host` header.", + Type: schema.TypeBool, + }, + "log_referer": { + Optional: true, + Description: "Log the `Referer` header.", + Type: schema.TypeBool, + }, + "log_user_agent": { + Optional: true, + Description: "Log the `User-Agent` header.", + Type: schema.TypeBool, + }, + "log_accept_language": { + Optional: true, + Description: "Log the `Accept-Language` header.", + Type: schema.TypeBool, + }, + "log_cookies": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"OFF", "ALL", "SOME"}, false)), + Optional: true, + Description: "Specifies the set of cookies to log.", + Type: schema.TypeString, + }, + "cookies": { + Optional: true, + Description: "This specifies the set of cookies names whose values you want to log.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "log_custom_log_field": { + Optional: true, + Description: "Whether to append additional custom data to each log line.", + Type: schema.TypeBool, + }, + "custom_log_field": { + Optional: true, + Description: "Specifies an additional data field to append to each log line, maximum 1000 bytes, typically based on a dynamically generated built-in system variable. For example, `round-trip: {{builtin.AK_CLIENT_TURNAROUND_TIME}}ms` logs the total time to complete the response. See `Support for variables` for more information. If you enable the `logCustom` behavior, it overrides the `customLogField` option.", + Type: schema.TypeString, + }, + "log_edge_ip": { + Optional: true, + Description: "Whether to log the IP address of the Akamai edge server that served the response to the client.", + Type: schema.TypeBool, + }, + "log_x_forwarded_for": { + Optional: true, + Description: "Log any `X-Forwarded-For` request header.", + Type: schema.TypeBool, + }, + }, + }, + }, + "request_client_hints": { + Optional: true, + Type: schema.TypeList, + Description: "Client hints are HTTP request header fields that determine which resources the browser should include in the response. This behavior configures and prioritizes the client hints you want to send to request specific client and device information. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "accept_ch": { + Optional: true, + Description: "The client hint data objects you want to receive from the browser. You can add custom entries or provide pre-set values from the list. For more details on each value, see the `guide section` for this behavior. If you've configured your origin server to pass along data objects, they merge with the ones you set in this array, before the list is sent to the client.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "accept_critical_ch": { + Optional: true, + Description: "The critical client hint data objects you want to receive from the browser. The original request from the browser needs to include these objects. Otherwise, a new response header is sent back to the client, asking for all of these client hint data objects. You can add custom entries or provide pre-set values from the list. For more details on each value, see the `guide section` for this behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "reset": { + Optional: true, + Description: "This sends an empty instance of the `Accept-CH` response header to clear other `Accept-CH` values currently stored in the client browser. This empty header doesn't get merged with other objects sent from your origin server.", + Type: schema.TypeBool, + }, + }, + }, + }, + "request_control": { + Optional: true, + Type: schema.TypeList, + Description: "The Request Control Cloudlet allows you to control access to your web content based on the incoming request's IP or geographic location. With Cloudlets available on your contract, choose `Your services` > `Edge logic Cloudlets` to control how the feature works within `Control Center`, or use the `Cloudlets API` to configure it programmatically. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Request Control Cloudlet.", + Type: schema.TypeBool, + }, + "is_shared_policy": { + Optional: true, + Description: "Whether you want to apply the Cloudlet shared policy to an unlimited number of properties within your account. Learn more about shared policies and how to create them in `Cloudlets Policy Manager`.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "Identifies the Cloudlet shared policy to use with this behavior. Use the `Cloudlets API` to list available shared policies.", + Type: schema.TypeInt, + }, + "enable_branded403": { + Optional: true, + Description: "If enabled, serves a branded 403 page for this Cloudlet instance.", + Type: schema.TypeBool, + }, + "branded403_status_code": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{200, 302, 403, 503})), + Optional: true, + Description: "Specifies the response status code for the branded deny action.", + Type: schema.TypeInt, + }, + "net_storage": { + Optional: true, + Description: "Specifies the NetStorage domain that contains the branded 403 page.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cp_code": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "download_domain_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "g2o_token": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "branded403_file": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies the full path of the branded 403 page, including the filename, but excluding the NetStorage CP code path component.", + Type: schema.TypeString, + }, + "branded403_url": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\s]+$"), + Optional: true, + Description: "Specifies the redirect URL for the branded deny action.", + Type: schema.TypeString, + }, + "branded_deny_cache_ttl": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(5, 30)), + Optional: true, + Description: "Specifies the branded response page's time to live in the cache, `5` minutes by default.", + Type: schema.TypeInt, + }, + }, + }, + }, + "request_type_marker": { + Optional: true, + Type: schema.TypeList, + Description: "The `Internet of Things: OTA Updates` product allows customers to securely distribute firmware to devices over cellular networks. When using the `downloadCompleteMarker` behavior to log successful downloads, this related behavior identifies download or campaign server types in aggregated and individual reports. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "request_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DOWNLOAD", "CAMPAIGN_SERVER"}, false)), + Optional: true, + Description: "Specifies the type of request.", + Type: schema.TypeString, + }, + }, + }, + }, + "resource_optimizer": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Resource Optimizer feature.", + Type: schema.TypeBool, + }, + }, + }, + }, + "resource_optimizer_extended_compatibility": { + Optional: true, + Type: schema.TypeList, + Description: "This enhances the standard version of the `resourceOptimizer` behavior to support the compression of additional file formats and address some compatibility issues. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Resource Optimizer feature.", + Type: schema.TypeBool, + }, + "enable_all_features": { + Optional: true, + Description: "Enables `additional support` and error handling.", + Type: schema.TypeBool, + }, + }, + }, + }, + "response_code": { + Optional: true, + Type: schema.TypeList, + Description: "Change the existing response code. For example, if your origin sends a `301` permanent redirect, this behavior can change it on the edge to a temporary `302` redirect. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "status_code": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntInSlice([]int{200, 301, 302, 303, 404, 500, 100, 101, 102, 103, 122, 201, 202, 203, 204, 205, 206, 207, 226, 300, 304, 305, 306, 307, 308, 400, 401, 402, 403, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 422, 423, 424, 425, 426, 428, 429, 431, 444, 449, 450, 499, 501, 502, 503, 504, 505, 506, 507, 509, 510, 511, 598, 599})), + Optional: true, + Description: "The HTTP status code to replace the existing one.", + Type: schema.TypeInt, + }, + "override206": { + Optional: true, + Description: "Allows any specified `200` success code to override a `206` partial-content code, in which case the response's content length matches the requested range length.", + Type: schema.TypeBool, + }, + }, + }, + }, + "response_cookie": { + Optional: true, + Type: schema.TypeList, + Description: "Set a cookie to send downstream to the client with either a fixed value or a unique stamp. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "cookie_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the name of the cookie, which serves as a key to determine if the cookie is set.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows you to set a response cookie.", + Type: schema.TypeBool, + }, + "type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"FIXED", "UNIQUE"}, false)), + Optional: true, + Description: "What type of value to assign.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\s;]+$"), + Optional: true, + Description: "If the cookie `type` is `FIXED`, this specifies the cookie value.", + Type: schema.TypeString, + }, + "format": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"AKAMAI", "APACHE"}, false)), + Optional: true, + Description: "When the `type` of cookie is set to `UNIQUE`, this sets the date format.", + Type: schema.TypeString, + }, + "default_domain": { + Optional: true, + Description: "When enabled, uses the default domain value, otherwise the set specified in the `domain` field.", + Type: schema.TypeBool, + }, + "default_path": { + Optional: true, + Description: "When enabled, uses the default path value, otherwise the set specified in the `path` field.", + Type: schema.TypeBool, + }, + "domain": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "If the `defaultDomain` is disabled, this sets the domain for which the cookie is valid. For example, `example.com` makes the cookie valid for that hostname and all subdomains.", + Type: schema.TypeString, + }, + "path": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "If the `defaultPath` is disabled, sets the path component for which the cookie is valid.", + Type: schema.TypeString, + }, + "expires": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ON_BROWSER_CLOSE", "FIXED_DATE", "DURATION", "NEVER"}, false)), + Optional: true, + Description: "Sets various ways to specify when the cookie expires.", + Type: schema.TypeString, + }, + "expiration_date": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "If `expires` is set to `FIXED_DATE`, this sets when the cookie expires as a UTC date and time.", + Type: schema.TypeString, + }, + "duration": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "If `expires` is set to `DURATION`, this sets the cookie's lifetime.", + Type: schema.TypeString, + }, + "same_site": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DEFAULT", "NONE", "LAX", "STRICT"}, false)), + Optional: true, + Description: "This option controls the `SameSite` cookie attribute that reduces the risk of cross-site request forgery attacks.", + Type: schema.TypeString, + }, + "secure": { + Optional: true, + Description: "When enabled, sets the cookie's `Secure` flag to transmit it with `HTTPS`.", + Type: schema.TypeBool, + }, + "http_only": { + Optional: true, + Description: "When enabled, includes the `HttpOnly` attribute in the `Set-Cookie` response header to mitigate the risk of client-side scripts accessing the protected cookie, if the browser supports it.", + Type: schema.TypeBool, + }, + }, + }, + }, + "restrict_object_caching": { + Optional: true, + Type: schema.TypeList, + Description: "You need this behavior to deploy the Object Caching product. It disables serving HTML content and limits the maximum object size to 100MB. Contact Akamai Professional Services for help configuring it. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "maximum_size": { + Optional: true, + Description: "Specifies a fixed maximum size of non-HTML content to cache.", + Type: schema.TypeString, + }, + }, + }, + }, + "return_cache_status": { + Optional: true, + Type: schema.TypeList, + Description: "Generates a response header with information about cache status. Among other things, this can tell you whether the response came from the Akamai cache, or from the origin. Status values report with either of these forms of syntax, depending for example on whether you're deploying traffic using `sureRoute` or `tieredDistribution`: This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "response_header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "Specifies the name of the HTTP header in which to report the cache status value.", + Type: schema.TypeString, + }, + }, + }, + }, + "rewrite_url": { + Optional: true, + Type: schema.TypeList, + Description: "Modifies the path of incoming requests to forward to the origin. This helps you offload URL-rewriting tasks to the edge to increase the origin server's performance, allows you to redirect links to different targets without changing markup, and hides your original directory structure. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"REPLACE", "REMOVE", "REWRITE", "PREPEND", "REGEX_REPLACE"}, false)), + Optional: true, + Description: "The action to perform on the path.", + Type: schema.TypeString, + }, + "match": { + ValidateDiagFunc: validateRegexOrVariable("^/([^:#\\[\\]@/?]+/)*$"), + Optional: true, + Description: "When `behavior` is `REMOVE` or `REPLACE`, specifies the part of the incoming path you'd like to remove or modify.", + Type: schema.TypeString, + }, + "match_regex": { + Optional: true, + Description: "When `behavior` is set to `REGEX_REPLACE`, specifies the Perl-compatible regular expression to replace with `targetRegex`.", + Type: schema.TypeString, + }, + "target_regex": { + Optional: true, + Description: "When `behavior` is set to `REGEX_REPLACE`, this replaces whatever the `matchRegex` field matches, along with any captured sequences from `\\$1` through `\\$9`.", + Type: schema.TypeString, + }, + "target_path": { + ValidateDiagFunc: validateRegexOrVariable("^/([^:#\\[\\]@/?]+/)*$"), + Optional: true, + Description: "When `behavior` is set to `REPLACE`, this path replaces whatever the `match` field matches in the incoming request's path.", + Type: schema.TypeString, + }, + "target_path_prepend": { + ValidateDiagFunc: validateRegexOrVariable("^/([^:#\\[\\]@/?]+/)*$"), + Optional: true, + Description: "When `behavior` is set to `PREPEND`, specifies a path to prepend to the incoming request's URL.", + Type: schema.TypeString, + }, + "target_url": { + ValidateDiagFunc: validateRegexOrVariable("(/\\S*)?$"), + Optional: true, + Description: "When `behavior` is set to `REWRITE`, specifies the full path to request from the origin.", + Type: schema.TypeString, + }, + "match_multiple": { + Optional: true, + Description: "When enabled, replaces all potential matches rather than only the first.", + Type: schema.TypeBool, + }, + "keep_query_string": { + Optional: true, + Description: "When enabled, retains the original path's query parameters.", + Type: schema.TypeBool, + }, + }, + }, + }, + "rum_custom": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior is for internal usage only. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "rum_sample_rate": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the percentage of web traffic to include in your RUM report.", + Type: schema.TypeInt, + }, + "rum_group_name": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^[0-9a-zA-Z]*$")), + Optional: true, + Description: "A deprecated option to specify an alternate name under which to batch this set of web traffic in your report. Do not use it.", + Type: schema.TypeString, + }, + }, + }, + }, + "saas_definitions": { + Optional: true, + Type: schema.TypeList, + Description: "Configures how the Software as a Service feature identifies `customers`, `applications`, and `users`. A different set of options is available for each type of targeted request, each enabled with the `action`-suffixed option. In each case, you can use `PATH`, `COOKIE`, `QUERY_STRING`, or `HOSTNAME` components as identifiers, or `disable` the SaaS behavior for certain targets. If you rely on a `HOSTNAME`, you also have the option of specifying a `CNAME chain` rather than an individual hostname. The various options suffixed `regex` and `replace` subsequently remove the identifier from the request. This behavior requires a sibling `origin` behavior whose `originType` option is set to `SAAS_DYNAMIC_ORIGIN`. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "customer_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "customer_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DISABLED", "HOSTNAME", "PATH", "QUERY_STRING", "COOKIE"}, false)), + Optional: true, + Description: "Specifies the request component that identifies a SaaS customer.", + Type: schema.TypeString, + }, + "customer_cname_enabled": { + Optional: true, + Description: "Enabling this allows you to identify customers using a `CNAME chain` rather than a single hostname.", + Type: schema.TypeBool, + }, + "customer_cname_level": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies the number of CNAMEs to use in the chain.", + Type: schema.TypeInt, + }, + "customer_cookie": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "This specifies the name of the cookie that identifies the customer.", + Type: schema.TypeString, + }, + "customer_query_string": { + ValidateDiagFunc: validateRegexOrVariable("^[^:/?#\\[\\]@&]+$"), + Optional: true, + Description: "This names the query parameter that identifies the customer.", + Type: schema.TypeString, + }, + "customer_regex": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9\\:\\[\\]\\{\\}\\(\\)\\.\\?_\\-\\*\\+\\^\\$\\\\\\/\\|&=!]{1,250})$"), + Optional: true, + Description: "Specifies a Perl-compatible regular expression with which to substitute the request's customer ID.", + Type: schema.TypeString, + }, + "customer_replace": { + ValidateDiagFunc: validateRegexOrVariable("^(([a-zA-Z0-9_\\-]|\\$[1-9]){1,250})$"), + Optional: true, + Description: "Specifies a string to replace the request's customer ID matched by `customerRegex`.", + Type: schema.TypeString, + }, + "application_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "application_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DISABLED", "HOSTNAME", "PATH", "QUERY_STRING", "COOKIE"}, false)), + Optional: true, + Description: "Specifies the request component that identifies a SaaS application.", + Type: schema.TypeString, + }, + "application_cname_enabled": { + Optional: true, + Description: "Enabling this allows you to identify applications using a `CNAME chain` rather than a single hostname.", + Type: schema.TypeBool, + }, + "application_cname_level": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies the number of CNAMEs to use in the chain.", + Type: schema.TypeInt, + }, + "application_cookie": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "This specifies the name of the cookie that identifies the application.", + Type: schema.TypeString, + }, + "application_query_string": { + ValidateDiagFunc: validateRegexOrVariable("^[^:/?#\\[\\]@&]+$"), + Optional: true, + Description: "This names the query parameter that identifies the application.", + Type: schema.TypeString, + }, + "application_regex": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9\\:\\[\\]\\{\\}\\(\\)\\.\\?_\\-\\*\\+\\^\\$\\\\\\/\\|&=!]{1,250})$"), + Optional: true, + Description: "Specifies a Perl-compatible regular expression with which to substitute the request's application ID.", + Type: schema.TypeString, + }, + "application_replace": { + ValidateDiagFunc: validateRegexOrVariable("^(([a-zA-Z0-9_\\-]|\\$[1-9]){1,250})$"), + Optional: true, + Description: "Specifies a string to replace the request's application ID matched by `applicationRegex`.", + Type: schema.TypeString, + }, + "users_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "users_action": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DISABLED", "HOSTNAME", "PATH", "QUERY_STRING", "COOKIE"}, false)), + Optional: true, + Description: "Specifies the request component that identifies a SaaS user.", + Type: schema.TypeString, + }, + "users_cname_enabled": { + Optional: true, + Description: "Enabling this allows you to identify users using a `CNAME chain` rather than a single hostname.", + Type: schema.TypeBool, + }, + "users_cname_level": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies the number of CNAMEs to use in the chain.", + Type: schema.TypeInt, + }, + "users_cookie": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "This specifies the name of the cookie that identifies the user.", + Type: schema.TypeString, + }, + "users_query_string": { + ValidateDiagFunc: validateRegexOrVariable("^[^:/?#\\[\\]@&]+$"), + Optional: true, + Description: "This names the query parameter that identifies the user.", + Type: schema.TypeString, + }, + "users_regex": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9\\:\\[\\]\\{\\}\\(\\)\\.\\?_\\-\\*\\+\\^\\$\\\\\\/\\|&=!]{1,250})$"), + Optional: true, + Description: "Specifies a Perl-compatible regular expression with which to substitute the request's user ID.", + Type: schema.TypeString, + }, + "users_replace": { + ValidateDiagFunc: validateRegexOrVariable("^(([a-zA-Z0-9_\\-]|\\$[1-9]){1,250})$"), + Optional: true, + Description: "Specifies a string to replace the request's user ID matched by `usersRegex`.", + Type: schema.TypeString, + }, + }, + }, + }, + "sales_force_commerce_cloud_client": { + Optional: true, + Type: schema.TypeList, + Description: "If you use the Salesforce Commerce Cloud platform for your origin content, this behavior allows your edge content managed by Akamai to contact directly to origin. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Akamai Connector for Salesforce Commerce Cloud.", + Type: schema.TypeBool, + }, + "connector_id": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\.]+\\-[a-zA-Z0-9_\\.]+\\-[a-zA-Z0-9\\-_\\.]+$|^door2.dw.com$"), + Optional: true, + Description: "An ID value that helps distinguish different types of traffic sent from Akamai to the Salesforce Commerce Cloud. Form the value as `instance-realm-customer`, where `instance` is either `production` or `development`, `realm` is your Salesforce Commerce Cloud service `$REALM` value, and `customer` is the name for your organization in Salesforce Commerce Cloud. You can use alphanumeric characters, underscores, or dot characters within dash-delimited segment values.", + Type: schema.TypeString, + }, + "origin_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DEFAULT", "CUSTOMER"}, false)), + Optional: true, + Description: "Specifies where the origin is.", + Type: schema.TypeString, + }, + "sf3c_origin_host": { + Optional: true, + Description: "This specifies the hostname or IP address of the custom Salesforce origin.", + Type: schema.TypeString, + }, + "origin_host_header": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DEFAULT", "CUSTOMER"}, false)), + Optional: true, + Description: "Specifies where the `Host` header is defined.", + Type: schema.TypeString, + }, + "sf3c_origin_host_header": { + Optional: true, + Description: "This specifies the hostname or IP address of the custom Salesforce host header.", + Type: schema.TypeString, + }, + "allow_override_origin_cache_key": { + Optional: true, + Description: "When enabled, overrides the forwarding origin's cache key.", + Type: schema.TypeBool, + }, + }, + }, + }, + "sales_force_commerce_cloud_provider": { + Optional: true, + Type: schema.TypeList, + Description: "This manages traffic between mutual customers and the Salesforce Commerce Cloud platform. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables Akamai Provider for Salesforce Commerce Cloud.", + Type: schema.TypeBool, + }, + }, + }, + }, + "sales_force_commerce_cloud_provider_host_header": { + Optional: true, + Type: schema.TypeList, + Description: "Manages host header values sent to the Salesforce Commerce Cloud platform. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "host_header_source": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"PROPERTY", "CUSTOMER"}, false)), + Optional: true, + Description: "Specify where the host header derives from.", + Type: schema.TypeString, + }, + }, + }, + }, + "save_post_dca_processing": { + Optional: true, + Type: schema.TypeList, + Description: "Used in conjunction with the `cachePost` behavior, this behavior allows the body of POST requests to be processed through Dynamic Content Assembly. Contact Akamai Professional Services for help configuring it. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables processing of POST requests.", + Type: schema.TypeBool, + }, + }, + }, + }, + "schedule_invalidation": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies when cached content that satisfies a rule's criteria expires, optionally at repeating intervals. In addition to periodic cache flushes, you can use this behavior to minimize potential conflicts when related objects expire at different times. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "start": { + Optional: true, + Description: "The UTC date and time when matching cached content is to expire.", + Type: schema.TypeString, + }, + "repeat": { + Optional: true, + Description: "When enabled, invalidation recurs periodically from the `start` time based on the `repeatInterval` time.", + Type: schema.TypeBool, + }, + "repeat_interval": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies how often to invalidate content from the `start` time, expressed in seconds. For example, an expiration set to midnight and an interval of `86400` seconds invalidates content once a day. Repeating intervals of less than 5 minutes are not allowed for `NetStorage` origins.", + Type: schema.TypeString, + }, + "refresh_method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"INVALIDATE", "PURGE"}, false)), + Optional: true, + Description: "Specifies how to invalidate the content.", + Type: schema.TypeString, + }, + }, + }, + }, + "script_management": { + Optional: true, + Type: schema.TypeList, + Description: "Ensures unresponsive linked JavaScript files do not prevent HTML pages from loading. See `Script Management API` for more information. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Script Management feature.", + Type: schema.TypeBool, + }, + "serviceworker": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"YES_SERVICE_WORKER", "NO_SERVICE_WORKER"}, false)), + Optional: true, + Description: "Script Management uses a JavaScript service worker called `akam-sw.js`. It applies a policy that helps you manage scripts.", + Type: schema.TypeString, + }, + "timestamp": { + Optional: true, + Description: "A read-only epoch timestamp that represents the last time a Script Management policy was synchronized with its Ion property.", + Type: schema.TypeInt, + }, + }, + }, + }, + "segmented_content_protection": { + Optional: true, + Type: schema.TypeList, + Description: "Validates authorization tokens at the edge server to prevent unauthorized link sharing. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "token_authentication_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the segmented content protection behavior.", + Type: schema.TypeBool, + }, + "key": { + ValidateDiagFunc: validateRegexOrVariable("^(0x)?[0-9a-fA-F]{32}$"), + Optional: true, + Description: "Specifies the encryption key to use as a shared secret to validate tokens.", + Type: schema.TypeString, + }, + "use_advanced": { + Optional: true, + Description: "Allows you to specify advanced `transitionKey` and `salt` options.", + Type: schema.TypeBool, + }, + "transition_key": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^(0x)?[0-9a-fA-F]{32}$")), + Optional: true, + Description: "An alternate encryption key to match along with the `key` field, allowing you to rotate keys with no down time.", + Type: schema.TypeString, + }, + "salt": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validation.ToDiagFunc(validation.StringLenBetween(16, 16))), + Optional: true, + Description: "Specifies a salt as input into the token for added security. This value needs to match the salt used in the token generation code.", + Type: schema.TypeString, + }, + "header_for_salt": { + Optional: true, + Description: "This allows you to include additional salt properties specific to each end user to strengthen the relationship between the session token and playback session. This specifies the set of request headers whose values generate the salt value, typically `User-Agent`, `X-Playback-Session-Id`, and `Origin`. Any specified header needs to appear in the player's request.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "field_carry_over": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "session_id": { + Optional: true, + Description: "Enabling this option carries the `session_id` value from the access token over to the session token, for use in tracking and counting unique playback sessions.", + Type: schema.TypeBool, + }, + "data_payload": { + Optional: true, + Description: "Enabling this option carries the `data/payload` field from the access token over to the session token, allowing access to opaque data for log analysis for a URL protected by a session token.", + Type: schema.TypeBool, + }, + "ip": { + Optional: true, + Description: "Enabling this restricts content access to a specific IP address, only appropriate if it does not change during the playback session.", + Type: schema.TypeBool, + }, + "acl": { + Optional: true, + Description: "Enabling this option carries the `ACL` field from the access token over to the session token, to limit the requesting client's access to the specific URL or path set in the `ACL` field. Playback may fail if the base path of the master playlist (and variant playlist, plus segments) varies from that of the `ACL` field.", + Type: schema.TypeBool, + }, + "token_auth_hls_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_token_in_uri": { + Optional: true, + Description: "When enabled, passes tokens in HLS variant manifest URLs and HLS segment URLs, as an alternative to cookies.", + Type: schema.TypeBool, + }, + "hls_master_manifest_files": { + Optional: true, + Description: "Specifies the set of filenames that form HLS master manifest URLs. You can use `*` wildcard character that matches zero or more characters. Make sure to specify master manifest filenames uniquely, to distinguish them from variant manifest files.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "token_auth_dash_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enable_token_in_query_string": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "token_revocation_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "token_revocation_enabled": { + Optional: true, + Description: "Enable this to deny requests from playback URLs that contain a `TokenAuth` token that uses specific token identifiers.", + Type: schema.TypeBool, + }, + "revoked_list_id": { + Optional: true, + Description: "Identifies the `TokenAuth` tokens to block from accessing your content.", + Type: schema.TypeInt, + }, + "media_encryption_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "hls_media_encryption": { + Optional: true, + Description: "Enables HLS Segment Encryption.", + Type: schema.TypeBool, + }, + "dash_media_encryption": { + Optional: true, + Description: "Whether to enable DASH Media Encryption.", + Type: schema.TypeBool, + }, + }, + }, + }, + "segmented_media_optimization": { + Optional: true, + Type: schema.TypeList, + Description: "Optimizes segmented media for live or streaming delivery contexts. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "behavior": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ON_DEMAND", "LIVE"}, false)), + Optional: true, + Description: "Sets the type of media content to optimize.", + Type: schema.TypeString, + }, + "enable_ull_streaming": { + Optional: true, + Description: "Enables ultra low latency (ULL) streaming. ULL reduces latency and decreases overall transfer time of live streams.", + Type: schema.TypeBool, + }, + "show_advanced": { + Optional: true, + Description: "Allows you to configure advanced media options.", + Type: schema.TypeBool, + }, + "live_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CONTINUOUS", "EVENT"}, false)), + Optional: true, + Description: "The type of live media.", + Type: schema.TypeString, + }, + "start_time": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "This specifies when the live media event begins.", + Type: schema.TypeString, + }, + "end_time": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "This specifies when the live media event ends.", + Type: schema.TypeString, + }, + "dvr_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CONFIGURABLE", "UNKNOWN"}, false)), + Optional: true, + Description: "The type of DVR.", + Type: schema.TypeString, + }, + "dvr_window": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Set the duration for your media, or `0m` if a DVR is not required.", + Type: schema.TypeString, + }, + }, + }, + }, + "segmented_media_streaming_prefetch": { + Optional: true, + Type: schema.TypeList, + Description: "Prefetches HLS and DASH media stream manifest and segment files, accelerating delivery to end users. For prefetching to work, your origin media's response needs to specify `CDN-Origin-Assist-Prefetch-Path` headers with each URL to prefetch, expressed as either a relative or absolute path. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables media stream prefetching.", + Type: schema.TypeBool, + }, + }, + }, + }, + "set_variable": { + Optional: true, + Type: schema.TypeList, + Description: "Modify a variable to insert into subsequent fields within the rule tree. Use this behavior to specify the predeclared `variableName` and determine from where to derive its new value. Based on this `valueSource`, you can either generate the value, extract it from some part of the incoming request, assign it from another variable (including a set of built-in system variables), or directly specify its text. Optionally choose a `transform` function to modify the value once. See `Support for variables` for more information. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "variable_name": { + Optional: true, + Description: "Specifies the predeclared root name of the variable to modify. When you declare a variable name such as `VAR`, its name is preprended with `PMUSER_` and accessible in a `user` namespace, so that you invoke it in subsequent text fields within the rule tree as `{{user.PMUSER_VAR}}`. In deployed `XML metadata`, it appears as `%(PMUSER_VAR)`.", + Type: schema.TypeString, + }, + "value_source": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"EXPRESSION", "EXTRACT", "GENERATE"}, false)), + Optional: true, + Description: "Determines how you want to set the value.", + Type: schema.TypeString, + }, + "variable_value": { + Optional: true, + Description: "This directly specifies the value to assign to the variable. The expression may include a mix of static text and other variables, such as `new_filename.{{builtin.AK_EXTENSION}}` to embed a system variable.", + Type: schema.TypeString, + }, + "extract_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_CERTIFICATE", "CLIENT_REQUEST_HEADER", "COOKIE", "EDGESCAPE", "PATH_COMPONENT_OFFSET", "QUERY_STRING", "DEVICE_PROFILE", "RESPONSE_HEADER", "SET_COOKIE"}, false)), + Optional: true, + Description: "This specifies from where to get the value.", + Type: schema.TypeString, + }, + "certificate_field_name": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"VERSION", "SERIAL", "FINGERPRINT_MD5", "FINGERPRINT_SHA1", "FINGERPRINT_DYN", "ISSUER_DN", "SUBJECT_DN", "NOT_BEFORE", "NOT_AFTER", "SIGNATURE_ALGORITHM", "SIGNATURE", "CONTENTS_DER", "CONTENTS_PEM", "CONTENTS_PEM_NO_LABELS", "COUNT", "STATUS_MSG", "KEY_LENGTH"}, false)), + Optional: true, + Description: "Specifies the certificate's content.", + Type: schema.TypeString, + }, + "header_name": { + Optional: true, + Description: "Specifies the case-insensitive name of the HTTP header to extract.", + Type: schema.TypeString, + }, + "response_header_name": { + Optional: true, + Description: "Specifies the case-insensitive name of the HTTP header to extract.", + Type: schema.TypeString, + }, + "set_cookie_name": { + Optional: true, + Description: "Specifies the name of the origin's `Set-Cookie` response header.", + Type: schema.TypeString, + }, + "cookie_name": { + Optional: true, + Description: "Specifies the name of the cookie to extract.", + Type: schema.TypeString, + }, + "location_id": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"GEOREGION", "COUNTRY_CODE", "REGION_CODE", "CITY", "DMA", "PMSA", "MSA", "AREACODE", "COUNTY", "FIPS", "LAT", "LONG", "TIMEZONE", "ZIP", "CONTINENT", "NETWORK", "NETWORK_TYPE", "ASNUM", "THROUGHPUT", "BW"}, false)), + Optional: true, + Description: "Specifies the `X-Akamai-Edgescape` header's field name. Possible values specify basic geolocation, various geographic standards, and information about the client's network. For details on EdgeScape header fields, see the `EdgeScape User Guide`.", + Type: schema.TypeString, + }, + "path_component_offset": { + Optional: true, + Description: "This specifies a portion of the path. The indexing starts from `1`, so a value of `/path/to/nested/filename.html` and an offset of `1` yields `path`, and `3` yields `nested`. Negative indexes offset from the right, so `-2` also yields `nested`.", + Type: schema.TypeString, + }, + "query_parameter_name": { + Optional: true, + Description: "Specifies the name of the query parameter from which to extract the value.", + Type: schema.TypeString, + }, + "generator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HEXRAND", "RAND"}, false)), + Optional: true, + Description: "This specifies the type of value to generate.", + Type: schema.TypeString, + }, + "number_of_bytes": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(1, 16)), + Optional: true, + Description: "Specifies the number of random hex bytes to generate.", + Type: schema.TypeInt, + }, + "min_random_number": { + Optional: true, + Description: "Specifies the lower bound of the random number.", + Type: schema.TypeInt, + }, + "max_random_number": { + Optional: true, + Description: "Specifies the upper bound of the random number.", + Type: schema.TypeInt, + }, + "transform": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NONE", "ADD", "BASE_64_DECODE", "BASE_64_ENCODE", "BASE_32_DECODE", "BASE_32_ENCODE", "BITWISE_AND", "BITWISE_NOT", "BITWISE_OR", "BITWISE_XOR", "DECIMAL_TO_HEX", "DECRYPT", "DIVIDE", "ENCRYPT", "EPOCH_TO_STRING", "EXTRACT_PARAM", "HASH", "JSON_EXTRACT", "HEX_TO_DECIMAL", "HEX_DECODE", "HEX_ENCODE", "HMAC", "LOWER", "MD5", "MINUS", "MODULO", "MULTIPLY", "NORMALIZE_PATH_WIN", "REMOVE_WHITESPACE", "COMPRESS_WHITESPACE", "SHA_1", "SHA_256", "STRING_INDEX", "STRING_LENGTH", "STRING_TO_EPOCH", "SUBSTITUTE", "SUBSTRING", "SUBTRACT", "TRIM", "UPPER", "BASE_64_URL_DECODE", "BASE_64_URL_ENCODE", "URL_DECODE", "URL_ENCODE", "URL_DECODE_UNI", "UTC_SECONDS", "XML_DECODE", "XML_ENCODE"}, false)), + Optional: true, + Description: "Specifies a function to transform the value. For more details on each transform function, see `Set Variable: Operations`.", + Type: schema.TypeString, + }, + "operand_one": { + Optional: true, + Description: "Specifies an additional operand when the `transform` function is set to various arithmetic functions (`ADD`, `SUBTRACT`, `MULTIPLY`, `DIVIDE`, or `MODULO`) or bitwise functions (`BITWISE_AND`, `BITWISE_OR`, or `BITWISE_XOR`).", + Type: schema.TypeString, + }, + "algorithm": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ALG_3DES", "ALG_AES128", "ALG_AES256"}, false)), + Optional: true, + Description: "Specifies the algorithm to apply.", + Type: schema.TypeString, + }, + "encryption_key": { + ValidateDiagFunc: validateRegexOrVariable("^(0x)?[0-9a-fA-F]+$"), + Optional: true, + Description: "Specifies the encryption hex key. For `ALG_3DES` it needs to be 48 characters long, 32 characters for `ALG_AES128`, and 64 characters for `ALG_AES256`.", + Type: schema.TypeString, + }, + "initialization_vector": { + ValidateDiagFunc: validateRegexOrVariable("^(0x)?[0-9a-fA-F]+$"), + Optional: true, + Description: "Specifies a one-time number as an initialization vector. It needs to be 15 characters long for `ALG_3DES`, and 32 characters for both `ALG_AES128` and `ALG_AES256`.", + Type: schema.TypeString, + }, + "encryption_mode": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CBC", "ECB"}, false)), + Optional: true, + Description: "Specifies the encryption mode.", + Type: schema.TypeString, + }, + "nonce": { + Optional: true, + Description: "Specifies the one-time number used for encryption.", + Type: schema.TypeString, + }, + "prepend_bytes": { + Optional: true, + Description: "Specifies a number of random bytes to prepend to the key.", + Type: schema.TypeBool, + }, + "format_string": { + Optional: true, + Description: "Specifies an optional format string for the conversion, using format codes such as `%m/%d/%y` as specified by `strftime`. A blank value defaults to RFC-2616 format.", + Type: schema.TypeString, + }, + "param_name": { + Optional: true, + Description: "Extracts the value for the specified parameter name from a string that contains key/value pairs. (Use `separator` below to parse them.)", + Type: schema.TypeString, + }, + "separator": { + Optional: true, + Description: "Specifies the character that separates pairs of values within the string.", + Type: schema.TypeString, + }, + "min": { + Optional: true, + Description: "Specifies a minimum value for the generated integer.", + Type: schema.TypeInt, + }, + "max": { + Optional: true, + Description: "Specifies a maximum value for the generated integer.", + Type: schema.TypeInt, + }, + "hmac_key": { + Optional: true, + Description: "Specifies the secret to use in generating the base64-encoded digest.", + Type: schema.TypeString, + }, + "hmac_algorithm": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SHA1", "SHA256", "MD5"}, false)), + Optional: true, + Description: "Specifies the algorithm to use to generate the base64-encoded digest.", + Type: schema.TypeString, + }, + "ip_version": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IPV4", "IPV6"}, false)), + Optional: true, + Description: "Specifies the IP version under which a subnet mask generates.", + Type: schema.TypeString, + }, + "ipv6_prefix": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 128)), + Optional: true, + Description: "Specifies the prefix of the IPV6 address, a value between 0 and 128.", + Type: schema.TypeInt, + }, + "ipv4_prefix": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 32)), + Optional: true, + Description: "Specifies the prefix of the IPV4 address, a value between 0 and 32.", + Type: schema.TypeInt, + }, + "sub_string": { + Optional: true, + Description: "Specifies a substring for which the returned value represents a zero-based offset of where it appears in the original string, or `-1` if there's no match.", + Type: schema.TypeString, + }, + "regex": { + Optional: true, + Description: "Specifies the regular expression pattern (PCRE) to match the value.", + Type: schema.TypeString, + }, + "replacement": { + Optional: true, + Description: "Specifies the replacement string. Reinsert grouped items from the match into the replacement using `$1`, `$2` ... `$n`.", + Type: schema.TypeString, + }, + "case_sensitive": { + Optional: true, + Description: "Enabling this makes all matches case sensitive.", + Type: schema.TypeBool, + }, + "global_substitution": { + Optional: true, + Description: "Replaces all matches in the string, not just the first.", + Type: schema.TypeBool, + }, + "start_index": { + Optional: true, + Description: "Specifies the zero-based character offset at the start of the substring. Negative indexes specify the offset from the end of the string.", + Type: schema.TypeInt, + }, + "end_index": { + Optional: true, + Description: "Specifies the zero-based character offset at the end of the substring, without including the character at that index position. Negative indexes specify the offset from the end of the string.", + Type: schema.TypeInt, + }, + "except_chars": { + Optional: true, + Description: "Specifies characters `not` to encode, possibly overriding the default set.", + Type: schema.TypeString, + }, + "force_chars": { + Optional: true, + Description: "Specifies characters to encode, possibly overriding the default set.", + Type: schema.TypeString, + }, + "device_profile": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_MOBILE", "IS_TABLET", "IS_WIRELESS_DEVICE", "PHYSICAL_SCREEN_HEIGHT", "PHYSICAL_SCREEN_WIDTH", "RESOLUTION_HEIGHT", "RESOLUTION_WIDTH", "VIEWPORT_WIDTH", "BRAND_NAME", "DEVICE_OS", "DEVICE_OS_VERSION", "DUAL_ORIENTATION", "MAX_IMAGE_HEIGHT", "MAX_IMAGE_WIDTH", "MOBILE_BROWSER", "MOBILE_BROWSER_VERSION", "PDF_SUPPORT", "COOKIE_SUPPORT"}, false)), + Optional: true, + Description: "Specifies the client device attribute. Possible values specify information about the client device, including device type, size and browser. For details on fields, see `Device Characterization`.", + Type: schema.TypeString, + }, + }, + }, + }, + "simulate_error_code": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior simulates various error response codes. Contact Akamai Professional Services for help configuring it. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "error_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ERR_DNS_TIMEOUT", "ERR_SUREROUTE_DNS_FAIL", "ERR_DNS_FAIL", "ERR_CONNECT_TIMEOUT", "ERR_NO_GOOD_FWD_IP", "ERR_DNS_IN_REGION", "ERR_CONNECT_FAIL", "ERR_READ_TIMEOUT", "ERR_READ_ERROR", "ERR_WRITE_ERROR"}, false)), + Optional: true, + Description: "Specifies the type of error.", + Type: schema.TypeString, + }, + "timeout": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "When the `errorType` is `ERR_CONNECT_TIMEOUT`, `ERR_DNS_TIMEOUT`, `ERR_SUREROUTE_DNS_FAIL`, or `ERR_READ_TIMEOUT`, generates an error after the specified amount of time from the initial request.", + Type: schema.TypeString, + }, + }, + }, + }, + "site_shield": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior implements the `Site Shield` feature, which helps prevent non-Akamai machines from contacting your origin. You get an email with a list of Akamai servers allowed to contact your origin, with which you establish an Access Control List on your firewall to prevent any other requests. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "ssmap": { + Optional: true, + Description: "Identifies the hostname for the Site Shield map. See `Create a Site Shield map` for more details. Form an object with a `value` key that references the hostname, for example: `\"ssmap\":{\"value\":\"ss.akamai.net\"}`.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "value": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "srmap": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "china_cdn_map": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "has_mixed_hosts": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "src": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"FALLBACK", "PROTECTED_HOST_MATCH", "ORIGIN_MATCH", "PREVIOUS_MAP", "PROPERTY_MATCH"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "nossmap": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "standard_tls_migration": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows migration to Standard TLS.", + Type: schema.TypeBool, + }, + "migration_from": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SHARED_CERT", "NON_SECURE", "ENHANCED_SECURE"}, false)), + Optional: true, + Description: "What kind of traffic you're migrating from.", + Type: schema.TypeString, + }, + "allow_https_upgrade": { + Optional: true, + Description: "Allows temporary upgrade of HTTP traffic to HTTPS.", + Type: schema.TypeBool, + }, + "allow_https_downgrade": { + Optional: true, + Description: "Allow temporary downgrade of HTTPS traffic to HTTP. This removes various `Origin`, `Referer`, `Cookie`, `Cookie2`, `sec-*` and `proxy-*` headers from the request to origin.", + Type: schema.TypeBool, + }, + "migration_start_time": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies when to start migrating the cache.", + Type: schema.TypeString, + }, + "migration_duration": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]$|^[1-2]\\d$|^30$"), + Optional: true, + Description: "Specifies the number of days to migrate the cache.", + Type: schema.TypeInt, + }, + "cache_sharing_start_time": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies when to start cache sharing.", + Type: schema.TypeString, + }, + "cache_sharing_duration": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]$|^[1-2]\\d$|^30$"), + Optional: true, + Description: "Specifies the number cache sharing days.", + Type: schema.TypeInt, + }, + "is_certificate_sni_only": { + Optional: true, + Description: "Sets whether your new certificate is SNI-only.", + Type: schema.TypeBool, + }, + "is_tiered_distribution_used": { + Optional: true, + Description: "Allows you to align traffic to various `tieredDistribution` areas.", + Type: schema.TypeBool, + }, + "td_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"GLOBAL", "APAC", "EUROPE", "US_EAST", "US_CENTRAL", "US_WEST", "AUSTRALIA", "GLOBAL_LEGACY"}, false)), + Optional: true, + Description: "Specifies the `tieredDistribution` location.", + Type: schema.TypeString, + }, + }, + }, + }, + "standard_tls_migration_override": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior is for internal usage only. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "info": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "strict_header_parsing": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior specifies how the edge servers should handle requests containing improperly formatted or invalid headers that don’t comply with `RFC 9110`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "valid_mode": { + Optional: true, + Description: "Rejects requests made with non-RFC-compliant headers that contain invalid characters in the header name or value or which contain invalidly-folded header lines. When disabled, the edge servers allow such requests, passing the invalid headers to the origin server unchanged.", + Type: schema.TypeBool, + }, + "strict_mode": { + Optional: true, + Description: "Rejects requests made with non-RFC-compliant, improperly formatted headers, where the header line starts with a colon, misses a colon or doesn’t end with CR LF. When disabled, the edge servers allow such requests, but correct the violation by removing or rewriting the header line before passing the headers to the origin server.", + Type: schema.TypeBool, + }, + }, + }, + }, + "sub_customer": { + Optional: true, + Type: schema.TypeList, + Description: "When positioned in a property's top-level default rule, enables various `Cloud Embed` features that allow you to leverage Akamai's CDN architecture for your own subcustomers. This behavior's options allow you to use Cloud Embed to configure your subcustomers' content. Once enabled, you can use the `Akamai Cloud Embed API` (ACE) to assign subcustomers to this base configuration, and to customize policies for them. See also the `dynamicWebContent` behavior to configure subcustomers' dynamic web content. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows Cloud Embed to dynamically modify your subcustomers' content.", + Type: schema.TypeBool, + }, + "origin": { + Optional: true, + Description: "Allows you to assign origin hostnames for customers.", + Type: schema.TypeBool, + }, + "partner_domain_suffix": { + Optional: true, + Description: "This specifies the appropriate domain suffix, which you should typically match with your property hostname. It identifies the domain as trustworthy on the Akamai network, despite being defined within Cloud Embed, outside of your base property configuration. Include this domain suffix if you want to purge subcustomer URLs. For example, if you provide a value of `suffix.example.com`, then to purge `subcustomer.com/some/path`, specify `subcustomer.com.suffix.example.com/some/path` as the purge request's URL.", + Type: schema.TypeString, + }, + "caching": { + Optional: true, + Description: "Modifies content caching rules.", + Type: schema.TypeBool, + }, + "referrer": { + Optional: true, + Description: "Sets subcustomers' referrer whitelists or blacklist.", + Type: schema.TypeBool, + }, + "ip": { + Optional: true, + Description: "Sets subcustomers' IP whitelists or blacklists.", + Type: schema.TypeBool, + }, + "geo_location": { + Optional: true, + Description: "Sets subcustomers' location-based whitelists or blacklists.", + Type: schema.TypeBool, + }, + "refresh_content": { + Optional: true, + Description: "Allows you to reschedule when content validates for subcustomers.", + Type: schema.TypeBool, + }, + "modify_path": { + Optional: true, + Description: "Modifies a subcustomer's request path.", + Type: schema.TypeBool, + }, + "cache_key": { + Optional: true, + Description: "Allows you to set which query parameters are included in the cache key.", + Type: schema.TypeBool, + }, + "token_authorization": { + Optional: true, + Description: "When enabled, this allows you to configure edge servers to use tokens to control access to subcustomer content. Use Cloud Embed to configure the token to appear in a cookie, header, or query parameter.", + Type: schema.TypeBool, + }, + "site_failover": { + Optional: true, + Description: "Allows you to configure unique failover sites for each subcustomer's policy.", + Type: schema.TypeBool, + }, + "content_compressor": { + Optional: true, + Description: "Allows compression of subcustomer content.", + Type: schema.TypeBool, + }, + "access_control": { + Optional: true, + Description: "When enabled, this allows you to deny requests to a subcustomer's content based on specific match conditions, which you use Cloud Embed to configure in each subcustomer's policy.", + Type: schema.TypeBool, + }, + "dynamic_web_content": { + Optional: true, + Description: "Allows you to apply the `dynamicWebContent` behavior to further modify how dynamic content behaves for subcustomers.", + Type: schema.TypeBool, + }, + "on_demand_video_delivery": { + Optional: true, + Description: "Enables delivery of media assets to subcustomers.", + Type: schema.TypeBool, + }, + "large_file_delivery": { + Optional: true, + Description: "Enables large file delivery for subcustomers.", + Type: schema.TypeBool, + }, + "live_video_delivery": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "web_application_firewall": { + Optional: true, + Description: "Web application firewall (WAF) filters, monitors, and blocks certain HTTP traffic. Use `Akamai Cloud Embed` to add a specific behavior to a subcustomer policy and configure how WAF protection is applied.", + Type: schema.TypeBool, + }, + }, + }, + }, + "sure_route": { + Optional: true, + Type: schema.TypeList, + Description: "The `SureRoute` feature continually tests different routes between origin and edge servers to identify the optimal path. By default, it conducts `races` to identify alternative paths to use in case of a transmission failure. These races increase origin traffic slightly. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the SureRoute behavior, to optimize delivery of non-cached content.", + Type: schema.TypeBool, + }, + "type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"PERFORMANCE", "CUSTOM_MAP"}, false)), + Optional: true, + Description: "Specifies the set of edge servers used to test routes.", + Type: schema.TypeString, + }, + "custom_map": { + Optional: true, + Description: "If `type` is `CUSTOM_MAP`, this specifies the map string provided to you by Akamai Professional Services, or included as part of the `Site Shield` product.", + Type: schema.TypeString, + }, + "test_object_url": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies the path and filename for your origin's test object to use in races to test routes.", + Type: schema.TypeString, + }, + "sr_download_link_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "to_host_status": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"INCOMING_HH", "OTHER"}, false)), + Optional: true, + Description: "Specifies which hostname to use.", + Type: schema.TypeString, + }, + "to_host": { + Optional: true, + Description: "If `toHostStatus` is `OTHER`, this specifies the custom `Host` header to use when requesting the SureRoute test object.", + Type: schema.TypeString, + }, + "race_stat_ttl": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the time-to-live to preserve SureRoute race results, typically `30m`. If traffic exceeds a certain threshold after TTL expires, the overflow is routed directly to the origin, not necessarily optimally. If traffic remains under the threshold, the route is determined by the winner of the most recent race.", + Type: schema.TypeString, + }, + "force_ssl_forward": { + Optional: true, + Description: "Forces SureRoute to use SSL when requesting the origin's test object, appropriate if your origin does not respond to HTTP requests, or responds with a redirect to HTTPS.", + Type: schema.TypeBool, + }, + "allow_fcm_parent_override": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + "enable_custom_key": { + Optional: true, + Description: "When disabled, caches race results under the race destination's hostname. If enabled, use `customStatKey` to specify a custom hostname.", + Type: schema.TypeBool, + }, + "custom_stat_key": { + ValidateDiagFunc: validateRegexOrVariable("^([a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,62})+$"), + Optional: true, + Description: "This specifies a hostname under which to cache race results. This may be useful when a property corresponds to many origin hostnames. By default, SureRoute would launch races for each origin, but consolidating under a single hostname runs only one race.", + Type: schema.TypeString, + }, + }, + }, + }, + "tcp_optimization": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior is deprecated, but you should not disable or remove it if present. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "display": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "tea_leaf": { + Optional: true, + Type: schema.TypeList, + Description: "Allows IBM Tealeaf Customer Experience on Cloud to record HTTPS requests and responses for Akamai-enabled properties. Recorded data becomes available in your IBM Tealeaf account. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, capture HTTPS requests and responses, and send the data to your IBM Tealeaf account.", + Type: schema.TypeBool, + }, + "limit_to_dynamic": { + Optional: true, + Description: "Limit traffic to dynamic, uncached (`No-Store`) content.", + Type: schema.TypeBool, + }, + "ibm_customer_id": { + Optional: true, + Description: "The integer identifier for the IBM Tealeaf Connector account.", + Type: schema.TypeInt, + }, + }, + }, + }, + "tiered_distribution": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior allows Akamai edge servers to retrieve cached content from other Akamai servers, rather than directly from the origin. These interim `parent` servers in the `cache hierarchy` (`CH`) are positioned close to the origin, and fall along the path from the origin to the edge server. Tiered Distribution typically reduces the origin server's load, and reduces the time it takes for edge servers to refresh content. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, activates tiered distribution.", + Type: schema.TypeBool, + }, + "tiered_distribution_map": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CH2", "CHAPAC", "CHEU2", "CHEUS2", "CHCUS2", "CHWUS2", "CHAUS", "CH"}, false)), + Optional: true, + Description: "Optionally map the tiered parent server's location close to your origin. A narrower local map minimizes the origin server's load, and increases the likelihood the requested object is cached. A wider global map reduces end-user latency, but decreases the likelihood the requested object is in any given parent server's cache. This option cannot apply if the property is marked as secure. See `Secure property requirements` for guidance.", + Type: schema.TypeString, + }, + }, + }, + }, + "tiered_distribution_advanced": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior allows Akamai edge servers to retrieve cached content from other Akamai servers, rather than directly from the origin. These interim `parent` servers in the `cache hierarchy` (`CH`) are positioned close to the origin, and fall along the path from the origin to the edge server. Tiered Distribution typically reduces the origin server's load, and reduces the time it takes for edge servers to refresh content. This advanced behavior provides a wider set of options than `tieredDistribution`. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "When enabled, activates tiered distribution.", + Type: schema.TypeBool, + }, + "method": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SERIAL_PREPEND", "DOMAIN_LOOKUP"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "policy": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"PERFORMANCE", "TIERED_DISTRIBUTION", "FAIL_OVER", "SITE_SHIELD", "SITE_SHIELD_PERFORMANCE"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "tiered_distribution_map": { + Optional: true, + Description: "Optionally map the tiered parent server's location close to your origin: `CHEU2` for Europe; `CHAUS` for Australia; `CHAPAC` for China and the Asian Pacific area; `CHWUS2`, `CHCUS2`, and `CHEUS2` for different parts of the United States. Choose `CH` or `CH2` for a more global map. A narrower local map minimizes the origin server's load, and increases the likelihood the requested object is cached. A wider global map reduces end-user latency, but decreases the likelihood the requested object is in any given parent server's cache. This option cannot apply if the property is marked as secure. See `Secure property requirements` for guidance.", + Type: schema.TypeString, + }, + "allowall": { + Optional: true, + Description: "", + Type: schema.TypeBool, + }, + }, + }, + }, + "tiered_distribution_customization": { + Optional: true, + Type: schema.TypeList, + Description: "With Tiered Distribution, Akamai edge servers retrieve cached content from other Akamai servers, rather than directly from the origin. This behavior sets custom Tiered Distribution maps (TD0) and migrates TD1 maps configured with `advanced features` to Cloud Wrapper. You need to enable `cloudWrapper` within the same rule. This behavior is for internal usage only. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "tier1_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "custom_map_enabled": { + Optional: true, + Description: "Enables custom maps.", + Type: schema.TypeBool, + }, + "custom_map_name": { + ValidateDiagFunc: validateRegexOrVariable("^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)+(akamai|akamaiedge)\\.net$"), + Optional: true, + Description: "Specifies the custom map name.", + Type: schema.TypeString, + }, + "serial_start": { + Optional: true, + Description: "Specifies a numeric serial start value.", + Type: schema.TypeString, + }, + "serial_end": { + Optional: true, + Description: "Specifies a numeric serial end value. Akamai uses serial numbers to group machines and share objects in their cache with other machines in the same region.", + Type: schema.TypeString, + }, + "hash_algorithm": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"GCC", "JENKINS"}, false)), + Optional: true, + Description: "Specifies the hash algorithm.", + Type: schema.TypeString, + }, + "cloudwrapper_map_migration_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "map_migration_enabled": { + Optional: true, + Description: "Enables migration of the custom map to Cloud Wrapper.", + Type: schema.TypeBool, + }, + "migration_within_cw_maps_enabled": { + Optional: true, + Description: "Enables migration within Cloud Wrapper maps.", + Type: schema.TypeBool, + }, + "location": { + Optional: true, + Description: "Location from which Cloud Wrapper migration is performed. User should choose the existing Cloud Wrapper location. The new Cloud Wrapper location (to which migration has to happen) is expected to be updated as part of the main \"Cloud Wrapper\" behavior.", + Type: schema.TypeString, + }, + "migration_start_date": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies when to start migrating the map.", + Type: schema.TypeString, + }, + "migration_end_date": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies when the map migration should end.", + Type: schema.TypeString, + }, + }, + }, + }, + "timeout": { + Optional: true, + Type: schema.TypeList, + Description: "Sets the HTTP connect timeout. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the timeout, for example `10s`.", + Type: schema.TypeString, + }, + }, + }, + }, + "uid_configuration": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior allows you to extract unique identifier (UID) values from live traffic, for use in OTA applications. Note that you are responsible for maintaining the security of any data that may identify individual users. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "legal_text": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Allows you to extract UIDs from client requests.", + Type: schema.TypeBool, + }, + "extract_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_REQUEST_HEADER", "QUERY_STRING", "VARIABLE"}, false)), + Optional: true, + Description: "Where to extract the UID value from.", + Type: schema.TypeString, + }, + "header_name": { + Optional: true, + Description: "This specifies the name of the HTTP header from which to extract the UID value.", + Type: schema.TypeString, + }, + "query_parameter_name": { + Optional: true, + Description: "This specifies the name of the query parameter from which to extract the UID value.", + Type: schema.TypeString, + }, + "variable_name": { + Optional: true, + Description: "This specifies the name of the rule tree variable from which to extract the UID value.", + Type: schema.TypeString, + }, + }, + }, + }, + "validate_entity_tag": { + Optional: true, + Type: schema.TypeList, + Description: "Instructs edge servers to compare the request's `ETag` header with that of the cached object. If they differ, the edge server sends a new copy of the object. This validation occurs in addition to the default validation of `Last-Modified` and `If-Modified-Since` headers. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the ETag validation behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + "verify_json_web_token": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior allows you to use JSON Web Tokens (JWT) to verify requests. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "extract_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_REQUEST_HEADER", "QUERY_STRING"}, false)), + Optional: true, + Description: "Specify from where to extract the JWT value.", + Type: schema.TypeString, + }, + "header_name": { + Optional: true, + Description: "This specifies the name of the header from which to extract the JWT value.", + Type: schema.TypeString, + }, + "query_parameter_name": { + Optional: true, + Description: "This specifies the name of the query parameter from which to extract the JWT value.", + Type: schema.TypeString, + }, + "jwt": { + Optional: true, + Description: "An identifier for the JWT keys collection.", + Type: schema.TypeString, + }, + "enable_rs256": { + Optional: true, + Description: "Verifies JWTs signed with the RS256 algorithm. This signature helps ensure that the token hasn't been tampered with.", + Type: schema.TypeBool, + }, + "enable_es256": { + Optional: true, + Description: "Verifies JWTs signed with the ES256 algorithm. This signature helps ensure that the token hasn't been tampered with.", + Type: schema.TypeBool, + }, + }, + }, + }, + "verify_json_web_token_for_dcp": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior allows you to use JSON web tokens (JWT) to verify requests for use in implementing `IoT Edge Connect`, which you use the `dcp` behavior to configure. You can specify the location in a request to pass a JSON web token (JWT), collections of public keys to verify the integrity of this token, and specific claims to extract from it. Use the `verifyJsonWebToken` behavior for other JWT validation. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "extract_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_REQUEST_HEADER", "QUERY_STRING", "CLIENT_REQUEST_HEADER_AND_QUERY_STRING"}, false)), + Optional: true, + Description: "Specifies where to get the JWT value from.", + Type: schema.TypeString, + }, + "primary_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_REQUEST_HEADER", "QUERY_STRING"}, false)), + Optional: true, + Description: "Specifies the primary location to extract the JWT value from. If the specified option doesn't include the JWTs, the system checks the secondary one.", + Type: schema.TypeString, + }, + "custom_header": { + Optional: true, + Description: "The JWT value comes from the `X-Akamai-DCP-Token` header by default. Enabling this option allows you to extract it from another header name that you specify.", + Type: schema.TypeBool, + }, + "header_name": { + Optional: true, + Description: "This specifies the name of the header to extract the JWT value from.", + Type: schema.TypeString, + }, + "query_parameter_name": { + Optional: true, + Description: "Specifies the name of the query parameter from which to extract the JWT value.", + Type: schema.TypeString, + }, + "jwt": { + Optional: true, + Description: "An identifier for the JWT keys collection.", + Type: schema.TypeString, + }, + "extract_client_id": { + Optional: true, + Description: "Allows you to extract the client ID claim name stored in JWT.", + Type: schema.TypeBool, + }, + "client_id": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,20}$"), + Optional: true, + Description: "This specifies the claim name.", + Type: schema.TypeString, + }, + "extract_authorizations": { + Optional: true, + Description: "Allows you to extract the authorization groups stored in the JWT.", + Type: schema.TypeBool, + }, + "authorizations": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,20}$"), + Optional: true, + Description: "This specifies the authorization group name.", + Type: schema.TypeString, + }, + "extract_user_name": { + Optional: true, + Description: "Allows you to extract the user name stored in the JWT.", + Type: schema.TypeBool, + }, + "user_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,20}$"), + Optional: true, + Description: "This specifies the user name.", + Type: schema.TypeString, + }, + "enable_rs256": { + Optional: true, + Description: "Verifies JWTs signed with the RS256 algorithm. This signature helps to ensure that the token hasn't been tampered with.", + Type: schema.TypeBool, + }, + "enable_es256": { + Optional: true, + Description: "Verifies JWTs signed with the ES256 algorithm. This signature helps to ensure that the token hasn't been tampered with.", + Type: schema.TypeBool, + }, + }, + }, + }, + "verify_token_authorization": { + Optional: true, + Type: schema.TypeList, + Description: "Verifies Auth 2.0 tokens. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "use_advanced": { + Optional: true, + Description: "If enabled, allows you to specify advanced options such as `algorithm`, `escapeHmacInputs`, `ignoreQueryString`, `transitionKey`, and `salt`.", + Type: schema.TypeBool, + }, + "location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COOKIE", "QUERY_STRING", "CLIENT_REQUEST_HEADER"}, false)), + Optional: true, + Description: "Specifies where to find the token in the incoming request.", + Type: schema.TypeString, + }, + "location_id": { + Optional: true, + Description: "When `location` is `CLIENT_REQUEST_HEADER`, specifies the name of the incoming request's header where to find the token.", + Type: schema.TypeString, + }, + "algorithm": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"SHA256", "SHA1", "MD5"}, false)), + Optional: true, + Description: "Specifies the algorithm that generates the token. It needs to match the method chosen in the token generation code.", + Type: schema.TypeString, + }, + "escape_hmac_inputs": { + Optional: true, + Description: "URL-escapes HMAC inputs passed in as query parameters.", + Type: schema.TypeBool, + }, + "ignore_query_string": { + Optional: true, + Description: "Enabling this removes the query string from the URL used to form an encryption key.", + Type: schema.TypeBool, + }, + "key": { + ValidateDiagFunc: validateRegexOrVariable("^(0x)?[0-9a-fA-F]{64}$"), + Optional: true, + Description: "The shared secret used to validate tokens, which needs to match the key used in the token generation code.", + Type: schema.TypeString, + }, + "transition_key": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validateRegexOrVariable("^(0x)?[0-9a-fA-F]{64}$")), + Optional: true, + Description: "Specifies a transition key as a hex value.", + Type: schema.TypeString, + }, + "salt": { + ValidateDiagFunc: validateAny(validation.ToDiagFunc(validation.StringIsEmpty), validation.ToDiagFunc(validation.StringLenBetween(16, 16))), + Optional: true, + Description: "Specifies a salt string for input when generating the token, which needs to match the salt value used in the token generation code.", + Type: schema.TypeString, + }, + "failure_response": { + Optional: true, + Description: "When enabled, sends an HTTP error when an authentication test fails.", + Type: schema.TypeBool, + }, + }, + }, + }, + "virtual_waiting_room": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior helps you maintain business continuity for dynamic applications in high-demand situations such as flash sales. It decreases abandonment by providing a user-friendly waiting room experience. FIFO (First-in First-out) is a request processing mechanism that prioritizes the first requests that enter the waiting room to send them first to the origin. Users can see both their estimated arrival time and position in the line. With Cloudlets available on your contract, choose `Your services` > `Edge logic Cloudlets` to control Virtual Waitig Room within `Control Center`. Otherwise use the `Cloudlets API` to configure it programmatically. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "This identifies the Visitor Waiting Room Cloudlet shared policy to use with this behavior. You can list available shared policies with the `Cloudlets API`.", + Type: schema.TypeInt, + }, + "domain_config": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HOST_HEADER", "CUSTOM"}, false)), + Optional: true, + Description: "This specifies the domain used to establish a session with the visitor.", + Type: schema.TypeString, + }, + "custom_cookie_domain": { + ValidateDiagFunc: validateRegexOrVariable("^(\\.)?(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)+([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])$"), + Optional: true, + Description: "This specifies a domain for all session cookies. In case you configure many property hostnames, this may be their common domain. Make sure the user agent accepts the custom domain for any request matching the `virtualWaitingRoom` behavior. Don't use top level domains (TLDs).", + Type: schema.TypeString, + }, + "waiting_room_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "waiting_room_path": { + Optional: true, + Description: "This specifies the path to the waiting room main page on the origin server, for example `/vp/waiting-room.html`. When the request is marked as Waiting Room Main Page and blocked, the visitor enters the waiting room. The behavior sets the outgoing request path to the `waitingRoomPath` and modifies the cache key accordingly. See the `virtualWaitingRoomRequest` match criteria to further customize these requests.", + Type: schema.TypeString, + }, + "waiting_room_assets_paths": { + Optional: true, + Description: "This specifies the base paths to static resources such as JavaScript, CSS, or image files for the Waiting Room Main Page requests. The option supports the `*` wildcard that matches zero or more characters. Requests matching any of these paths aren't blocked, but marked as Waiting Room Assets and passed through to the origin. See the `virtualWaitingRoomRequest` match criteria to further customize these requests.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "access_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "session_duration": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 86400)), + Optional: true, + Description: "Specifies the number of seconds users remain in the waiting room queue.", + Type: schema.TypeInt, + }, + "session_auto_prolong": { + Optional: true, + Description: "Whether the queue session should prolong automatically when the `sessionDuration` expires and the visitor remains active.", + Type: schema.TypeBool, + }, + }, + }, + }, + "virtual_waiting_room_with_edge_workers": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior allows you to configure the `virtualWaitingRoom` behavior with EdgeWorkers for extended scalability and customization. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + }, + }, + }, + "visitor_prioritization": { + Optional: true, + Type: schema.TypeList, + Description: "The `Visitor Prioritization Cloudlet` decreases abandonment by providing a user-friendly waiting room experience. With Cloudlets available on your contract, choose `Your services` > `Edge logic Cloudlets` to control Visitor Prioritization within `Control Center`. Otherwise use the `Cloudlets API` to configure it programmatically. To serve non-HTML API content such as JSON blocks, see the `apiPrioritization` behavior. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the Visitor Prioritization behavior.", + Type: schema.TypeBool, + }, + "cloudlet_policy": { + Optional: true, + Description: "Identifies the Cloudlet policy.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "user_identification_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "user_identification_by_cookie": { + Optional: true, + Description: "When enabled, identifies users by the value of a cookie.", + Type: schema.TypeBool, + }, + "user_identification_key_cookie": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies the name of the cookie whose value identifies users. To match a user, the value of the cookie needs to remain constant across all requests.", + Type: schema.TypeString, + }, + "user_identification_by_headers": { + Optional: true, + Description: "When enabled, identifies users by the values of GET or POST request headers.", + Type: schema.TypeBool, + }, + "user_identification_key_headers": { + Optional: true, + Description: "Specifies names of request headers whose values identify users. To match a user, values for all the specified headers need to remain constant across all requests.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "user_identification_by_ip": { + Optional: true, + Description: "Allows IP addresses to identify users.", + Type: schema.TypeBool, + }, + "user_identification_by_params": { + Optional: true, + Description: "When enabled, identifies users by the values of GET or POST request parameters.", + Type: schema.TypeBool, + }, + "user_identification_key_params": { + Optional: true, + Description: "Specifies names of request parameters whose values identify users. To match a user, values for all the specified parameters need to remain constant across all requests. Parameters that are absent or blank may also identify users.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "allowed_user_cookie_management_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "allowed_user_cookie_enabled": { + Optional: true, + Description: "Sets a cookie for users who have been allowed through to the site.", + Type: schema.TypeBool, + }, + "allowed_user_cookie_label": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies a label to distinguish this cookie for an allowed user from others. The value appends to the cookie's name, and helps you to maintain the same user assignment across behaviors within a property, and across properties.", + Type: schema.TypeString, + }, + "allowed_user_cookie_duration": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 600)), + Optional: true, + Description: "Sets the number of seconds for the allowed user's session once allowed through to the site.", + Type: schema.TypeInt, + }, + "allowed_user_cookie_refresh": { + Optional: true, + Description: "Resets the duration of an allowed cookie with each request, so that it only expires if the user doesn't make any requests for the specified duration. Do not enable this option if you want to set a fixed time for all users.", + Type: schema.TypeBool, + }, + "allowed_user_cookie_advanced": { + Optional: true, + Description: "Sets advanced configuration options for the allowed user's cookie.", + Type: schema.TypeBool, + }, + "allowed_user_cookie_automatic_salt": { + Optional: true, + Description: "Sets an automatic `salt` value to verify the integrity of the cookie for an allowed user. Disable this if you want to share the cookie across properties.", + Type: schema.TypeBool, + }, + "allowed_user_cookie_salt": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies a fixed `salt` value, which is incorporated into the cookie's value to prevent users from manipulating it. You can use the same salt string across different behaviors or properties to apply a single cookie to all allowed users.", + Type: schema.TypeString, + }, + "allowed_user_cookie_domain_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DYNAMIC", "CUSTOMER"}, false)), + Optional: true, + Description: "Specify with `allowedUserCookieAdvanced` enabled.", + Type: schema.TypeString, + }, + "allowed_user_cookie_domain": { + ValidateDiagFunc: validateRegexOrVariable("^(\\.)?(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)+([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])$"), + Optional: true, + Description: "Specifies a domain for an allowed user cookie.", + Type: schema.TypeString, + }, + "allowed_user_cookie_http_only": { + Optional: true, + Description: "Applies the `HttpOnly` flag to the allowed user's cookie to ensure it's accessed over HTTP and not manipulated by the client.", + Type: schema.TypeBool, + }, + "waiting_room_cookie_management_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "waiting_room_cookie_enabled": { + Optional: true, + Description: "Enables a cookie to track a waiting room assignment.", + Type: schema.TypeBool, + }, + "waiting_room_cookie_share_label": { + Optional: true, + Description: "Enabling this option shares the same `allowedUserCookieLabel` string. If disabled, specify a different `waitingRoomCookieLabel`.", + Type: schema.TypeBool, + }, + "waiting_room_cookie_label": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies a label to distinguish this waiting room cookie from others. The value appends to the cookie's name, and helps you to maintain the same waiting room assignment across behaviors within a property, and across properties.", + Type: schema.TypeString, + }, + "waiting_room_cookie_duration": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 120)), + Optional: true, + Description: "Sets the number of seconds for which users remain in the waiting room. During this time, users who refresh the waiting room page remain there.", + Type: schema.TypeInt, + }, + "waiting_room_cookie_advanced": { + Optional: true, + Description: "When enabled along with `waitingRoomCookieEnabled`, sets advanced configuration options for the waiting room cookie.", + Type: schema.TypeBool, + }, + "waiting_room_cookie_automatic_salt": { + Optional: true, + Description: "Sets an automatic `salt` value to verify the integrity of the waiting room cookie. Disable this if you want to share the cookie across properties.", + Type: schema.TypeBool, + }, + "waiting_room_cookie_salt": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "Specifies a fixed `salt` value, which is incorporated into the cookie's value to prevent users from manipulating it. You can use the same salt string across different behaviors or properties to apply a single cookie for the waiting room session.", + Type: schema.TypeString, + }, + "waiting_room_cookie_domain_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"DYNAMIC", "CUSTOMER"}, false)), + Optional: true, + Description: "Specify with `waitingRoomCookieAdvanced` enabled, selects whether to use the `DYNAMIC` incoming host header, or a `CUSTOMER`-defined cookie domain.", + Type: schema.TypeString, + }, + "waiting_room_cookie_domain": { + ValidateDiagFunc: validateRegexOrVariable("^(\\.)?(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)+([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])$"), + Optional: true, + Description: "Specifies a domain for the waiting room cookie.", + Type: schema.TypeString, + }, + "waiting_room_cookie_http_only": { + Optional: true, + Description: "Applies the `HttpOnly` flag to the waiting room cookie to ensure it's accessed over HTTP and not manipulated by the client.", + Type: schema.TypeBool, + }, + "waiting_room_management_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "waiting_room_status_code": { + ValidateDiagFunc: validateRegexOrVariable("[2|4|5][0-9][0-9]"), + Optional: true, + Description: "Specifies the response code for requests sent to the waiting room.", + Type: schema.TypeInt, + }, + "waiting_room_use_cp_code": { + Optional: true, + Description: "Allows you to assign a different CP code that tracks any requests that are sent to the waiting room.", + Type: schema.TypeBool, + }, + "waiting_room_cp_code": { + Optional: true, + Description: "Specifies a CP code for requests sent to the waiting room. You only need to provide the initial `id`, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "waiting_room_net_storage": { + Optional: true, + Description: "Specifies the NetStorage domain for the waiting room page.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cp_code": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "download_domain_name": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "g2o_token": { + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "waiting_room_directory": { + ValidateDiagFunc: validateRegexOrVariable("^[^#\\[\\]@]+$"), + Optional: true, + Description: "Specifies the NetStorage directory that contains the static waiting room page, with no trailing slash character.", + Type: schema.TypeString, + }, + "waiting_room_cache_ttl": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(5, 30)), + Optional: true, + Description: "Specifies the waiting room page's time to live in the cache, `5` minutes by default.", + Type: schema.TypeInt, + }, + }, + }, + }, + "visitor_prioritization_fifo": { + Optional: true, + Type: schema.TypeList, + Description: "(**BETA**) The `Visitor Prioritization Cloudlet (FIFO)` decreases abandonment by providing a user-friendly waiting room experience. FIFO (First-in First-out) is a fair request processing mechanism, which prioritizes the first requests that enter the waiting room to send them first to the origin. Users can see both their estimated arrival time and position in the line. With Cloudlets available on your contract, choose `Your services` > `Edge logic Cloudlets` to control Visitor Prioritization (FIFO) within `Control Center`. Otherwise use the `Cloudlets API` to configure it programmatically. To serve non-HTML API content such as JSON blocks, see the `apiPrioritization` behavior. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "cloudlet_shared_policy": { + Optional: true, + Description: "This identifies the Visitor Prioritization FIFO shared policy to use with this behavior. You can list available shared policies with the `Cloudlets API`.", + Type: schema.TypeInt, + }, + "domain_config": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HOST_HEADER", "CUSTOM"}, false)), + Optional: true, + Description: "This specifies how to set the domain used to establish a session with the visitor.", + Type: schema.TypeString, + }, + "custom_cookie_domain": { + ValidateDiagFunc: validateRegexOrVariable("^(\\.)?(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)+([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])$"), + Optional: true, + Description: "This specifies a domain for all session cookies. In case you configure many property hostnames, this may be their common domain. Make sure the user agent accepts the custom domain for any request matching the `visitorPrioritizationFifo` behavior. Don't use top level domains (TLDs).", + Type: schema.TypeString, + }, + "waiting_room_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "waiting_room_path": { + Optional: true, + Description: "This specifies the path to the waiting room main page on the origin server, for example `/vp/waiting-room.html`. When the request is marked as `Waiting Room Main Page` and blocked, the visitor enters the waiting room. The behavior sets the outgoing request path to the `waitingRoomPath` and modifies the cache key accordingly. See the `visitorPrioritizationRequest` match criteria to further customize these requests.", + Type: schema.TypeString, + }, + "waiting_room_assets_paths": { + Optional: true, + Description: "This specifies the base paths to static resources such as `JavaScript`, `CSS`, or image files for the `Waiting Room Main Page` requests. The option supports the `*` wildcard wildcard that matches zero or more characters. Requests matching any of these paths aren't blocked, but marked as Waiting Room Assets and passed through to the origin. See the `visitorPrioritizationRequest` match criteria to further customize these requests.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "access_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "session_duration": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 86400)), + Optional: true, + Description: "Specifies the number of seconds users remain in the waiting room queue.", + Type: schema.TypeInt, + }, + "session_auto_prolong": { + Optional: true, + Description: "Whether the queue session should prolong automatically when the `sessionDuration` expires and the visitor remains active.", + Type: schema.TypeBool, + }, + }, + }, + }, + "visitor_prioritization_fifo_standalone": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + }, + }, + }, + "watermarking": { + Optional: true, + Type: schema.TypeList, + Description: "Adds watermarking for each valid user's content. Content segments are delivered from different sources using a pattern unique to each user, based on a watermarking token included in each request. If your content is pirated or redistributed, you can forensically analyze the segments to extract the pattern, and identify the user who leaked the content. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enable": { + Optional: true, + Description: "Enables the watermarking behavior.", + Type: schema.TypeBool, + }, + "token_signing_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "signature_verification_enable": { + Optional: true, + Description: "When enabled, you can verify the signature in your watermarking token.", + Type: schema.TypeBool, + }, + "verification_key_id1": { + Optional: true, + Description: "Specifies a unique identifier for the first public key.", + Type: schema.TypeString, + }, + "verification_public_key1": { + Optional: true, + Description: "Specifies the first public key in its entirety.", + Type: schema.TypeString, + }, + "verification_key_id2": { + Optional: true, + Description: "Specifies a unique identifier for the optional second public key.", + Type: schema.TypeString, + }, + "verification_public_key2": { + Optional: true, + Description: "Specifies the optional second public key in its entirety. Specify a second key to enable rotation.", + Type: schema.TypeString, + }, + "pattern_encryption_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "pattern_decryption_enable": { + Optional: true, + Description: "If patterns in your watermarking tokens have been encrypted, enabling this allows you to provide values to decrypt them.", + Type: schema.TypeBool, + }, + "decryption_password_id1": { + Optional: true, + Description: "Specifies a label that corresponds to the primary password.", + Type: schema.TypeString, + }, + "decryption_password1": { + Optional: true, + Description: "Provides the primary password used to encrypt patterns in your watermarking tokens.", + Type: schema.TypeString, + }, + "decryption_password_id2": { + Optional: true, + Description: "Specifies a label for the secondary password, used in rotation scenarios to identify which password to use for decryption.", + Type: schema.TypeString, + }, + "decryption_password2": { + Optional: true, + Description: "Provides the secondary password you can use to rotate passwords.", + Type: schema.TypeString, + }, + "miscellaneous_settings_title": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "use_original_as_a": { + Optional: true, + Description: "When you work with your watermarking vendor, you can apply several preprocessing methods to your content. See the `AMD help` for more information. With the standard `filename-prefix AB naming` preprocessing method, the watermarking vendor creates two variants of the original segment content and labels them as an `A` and `B` segment in the filename. If you selected the `unlabeled A variant` preprocessing method, enabling this option tells your configuration to use the original filename segment content as your `A` variant.", + Type: schema.TypeBool, + }, + "ab_variant_location": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"FILENAME_PREFIX", "PARENT_DIRECTORY_PREFIX"}, false)), + Optional: true, + Description: "When you work with your watermarking vendor, you can apply several preprocessing methods to your content. See the `AMD help` for more information. Use this option to specify the location of the `A` and `B` variant segments.", + Type: schema.TypeString, + }, + }, + }, + }, + "web_application_firewall": { + Optional: true, + Type: schema.TypeList, + Description: "This behavior implements a suite of security features that blocks threatening HTTP and HTTPS requests. Use it as your primary firewall, or in addition to existing security measures. Only one referenced configuration is allowed per property, so this behavior typically belongs as part of its default rule. This behavior cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "firewall_configuration": { + Optional: true, + Description: "An object featuring details about your firewall configuration.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "config_id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "production_status": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior", + Type: schema.TypeString, + }, + "staging_status": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior", + Type: schema.TypeString, + }, + "production_version": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior", + Type: schema.TypeInt, + }, + "staging_version": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior", + Type: schema.TypeInt, + }, + "file_name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + "web_sockets": { + Optional: true, + Type: schema.TypeList, + Description: "The WebSocket protocol allows web applications real-time bidirectional communication between clients and servers. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables WebSocket traffic.", + Type: schema.TypeBool, + }, + }, + }, + }, + "webdav": { + Optional: true, + Type: schema.TypeList, + Description: "Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. This behavior enables WebDAV, and provides support for the following additional request methods: PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK. To apply this behavior, you need to match on a `requestMethod`. This behavior can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "enabled": { + Optional: true, + Description: "Enables the WebDAV behavior.", + Type: schema.TypeBool, + }, + }, + }, + }, + } +} + +func getCriteriaSchemaV20240813() map[string]*schema.Schema { + return map[string]*schema.Schema{ + "advanced_im_match": { + Optional: true, + Type: schema.TypeList, + Description: "Matches whether the `imageManager` behavior already applies to the current set of requests. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Specifies the match's logic.", + Type: schema.TypeString, + }, + "match_on": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ANY_IM", "PRISTINE"}, false)), + Optional: true, + Description: "Specifies the match's scope.", + Type: schema.TypeString, + }, + }, + }, + }, + "bucket": { + Optional: true, + Type: schema.TypeList, + Description: "This matches a specified percentage of requests when used with the accompanying behavior. Contact Akamai Professional Services for help configuring it. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "percentage": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specifies the percentage of requests to match.", + Type: schema.TypeInt, + }, + }, + }, + }, + "cacheability": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the current cache state. Note that any `NO_STORE` or `BYPASS_CACHE` HTTP headers set on the origin's content overrides properties' `caching` instructions, in which case this criteria does not apply. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Specifies the match's logic.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NO_STORE", "BYPASS_CACHE", "CACHEABLE"}, false)), + Optional: true, + Description: "Content's cache is enabled (`CACHEABLE`) or not (`NO_STORE`), or else is ignored (`BYPASS_CACHE`).", + Type: schema.TypeString, + }, + }, + }, + }, + "china_cdn_region": { + Optional: true, + Type: schema.TypeList, + Description: "Identifies traffic deployed over Akamai's regional ChinaCDN infrastructure. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Specify whether the request `IS` or `IS_NOT` deployed over ChinaCDN.", + Type: schema.TypeString, + }, + }, + }, + }, + "client_certificate": { + Optional: true, + Type: schema.TypeList, + Description: "Matches whether you have configured a client certificate to authenticate requests to edge servers. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "is_certificate_present": { + Optional: true, + Description: "Executes rule behaviors only if a client certificate authenticates requests.", + Type: schema.TypeBool, + }, + "is_certificate_valid": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"VALID", "INVALID", "IGNORE"}, false)), + Optional: true, + Description: "Matches whether the certificate is `VALID` or `INVALID`. You can also `IGNORE` the certificate's validity.", + Type: schema.TypeString, + }, + "enforce_mtls": { + Optional: true, + Description: "Specifies custom handling of requests if any of the checks in the `enforceMtlsSettings` behavior fail. Enable this and use with behaviors such as `logCustom` so that they execute if the check fails. You need to add the `enforceMtlsSettings` behavior to a parent rule, with its own unique match condition and `enableDenyRequest` option disabled.", + Type: schema.TypeBool, + }, + }, + }, + }, + "client_ip": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the IP number of the requesting client. To use this condition to match end-user IP addresses, apply it together with the `requestType` matching on the `CLIENT_REQ` value. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches the contents of `values` if set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "IP or CIDR block, for example: `71.92.0.0/14`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "use_headers": { + Optional: true, + Description: "When connecting via a proxy server as determined by the `X-Forwarded-For` header, enabling this option matches the connecting client's IP address rather than the original end client specified in the header.", + Type: schema.TypeBool, + }, + }, + }, + }, + "client_ip_version": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the version of the IP protocol used by the requesting client. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IPV4", "IPV6"}, false)), + Optional: true, + Description: "The IP version of the client request, either `IPV4` or `IPV6`.", + Type: schema.TypeString, + }, + "use_x_forwarded_for": { + Optional: true, + Description: "When connecting via a proxy server as determined by the `X-Forwarded-For` header, enabling this option matches the connecting client's IP address rather than the original end client specified in the header.", + Type: schema.TypeBool, + }, + }, + }, + }, + "cloudlets_origin": { + Optional: true, + Type: schema.TypeList, + Description: "Allows Cloudlets Origins, referenced by label, to define their own criteria to assign custom origin definitions. The criteria may match, for example, for a specified percentage of requests defined by the cloudlet to use an alternative version of a website. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "origin_id": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-\\.]+$"), + Optional: true, + Description: "The Cloudlets Origins identifier, limited to alphanumeric and underscore characters.", + Type: schema.TypeString, + }, + }, + }, + }, + "content_delivery_network": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies the type of Akamai network handling the request. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Matches the specified `network` if set to `IS`, otherwise `IS_NOT` reverses the match.", + Type: schema.TypeString, + }, + "network": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"STAGING", "PRODUCTION"}, false)), + Optional: true, + Description: "Match the network.", + Type: schema.TypeString, + }, + }, + }, + }, + "content_type": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the HTTP response header's `Content-Type`. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches any `Content-Type` among specified `values` when set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "`Content-Type` response header value, for example `text/html`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "match_wildcard": { + Optional: true, + Description: "Allows wildcards in the `value` field, where `?` matches a single character and `*` matches zero or more characters. Specifying `text/*` matches both `text/html` and `text/css`.", + Type: schema.TypeBool, + }, + "match_case_sensitive": { + Optional: true, + Description: "Sets a case-sensitive match for all `values`.", + Type: schema.TypeBool, + }, + }, + }, + }, + "device_characteristic": { + Optional: true, + Type: schema.TypeList, + Description: "Match various aspects of the device or browser making the request. Based on the value of the `characteristic` option, the expected value is either a boolean, a number, or a string, possibly representing a version number. Each type of value requires a different field. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "characteristic": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"BRAND_NAME", "MODEL_NAME", "MARKETING_NAME", "IS_WIRELESS_DEVICE", "IS_TABLET", "DEVICE_OS", "DEVICE_OS_VERSION", "MOBILE_BROWSER", "MOBILE_BROWSER_VERSION", "RESOLUTION_WIDTH", "RESOLUTION_HEIGHT", "PHYSICAL_SCREEN_HEIGHT", "PHYSICAL_SCREEN_WIDTH", "COOKIE_SUPPORT", "AJAX_SUPPORT_JAVASCRIPT", "FULL_FLASH_SUPPORT", "ACCEPT_THIRD_PARTY_COOKIE", "XHTML_SUPPORT_LEVEL", "IS_MOBILE"}, false)), + Optional: true, + Description: "Aspect of the device or browser to match.", + Type: schema.TypeString, + }, + "string_match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"MATCHES_ONE_OF", "DOES_NOT_MATCH_ONE_OF"}, false)), + Optional: true, + Description: "When the `characteristic` expects a string value, set this to `MATCHES_ONE_OF` to match against the `stringValue` set, otherwise set to `DOES_NOT_MATCH_ONE_OF` to exclude that set of values.", + Type: schema.TypeString, + }, + "numeric_match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT", "IS_LESS_THAN", "IS_LESS_THAN_OR_EQUAL", "IS_MORE_THAN", "IS_MORE_THAN_OR_EQUAL"}, false)), + Optional: true, + Description: "When the `characteristic` expects a numeric value, compares the specified `numericValue` against the matched client.", + Type: schema.TypeString, + }, + "version_match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT", "IS_LESS_THAN", "IS_LESS_THAN_OR_EQUAL", "IS_MORE_THAN", "IS_MORE_THAN_OR_EQUAL"}, false)), + Optional: true, + Description: "When the `characteristic` expects a version string value, compares the specified `versionValue` against the matched client, using the following operators: `IS`, `IS_MORE_THAN_OR_EQUAL`, `IS_MORE_THAN`, `IS_LESS_THAN_OR_EQUAL`, `IS_LESS_THAN`, `IS_NOT`.", + Type: schema.TypeString, + }, + "boolean_value": { + Optional: true, + Description: "When the `characteristic` expects a boolean value, this specifies the value.", + Type: schema.TypeBool, + }, + "string_value": { + Optional: true, + Description: "When the `characteristic` expects a string, this specifies the set of values.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "numeric_value": { + Optional: true, + Description: "When the `characteristic` expects a numeric value, this specifies the number.", + Type: schema.TypeInt, + }, + "version_value": { + Optional: true, + Description: "When the `characteristic` expects a version number, this specifies it as a string.", + Type: schema.TypeString, + }, + "match_case_sensitive": { + Optional: true, + Description: "Sets a case-sensitive match for the `stringValue` field.", + Type: schema.TypeBool, + }, + "match_wildcard": { + Optional: true, + Description: "Allows wildcards in the `stringValue` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + }, + }, + }, + "ecmd_auth_groups": { + Optional: true, + Type: schema.TypeList, + Description: "This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CONTAINS", "DOES_NOT_CONTAIN"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,255}$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "ecmd_auth_scheme": { + Optional: true, + Type: schema.TypeList, + Description: "This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "auth_scheme": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ANONYMOUS", "JWT", "MUTUAL"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "ecmd_is_authenticated": { + Optional: true, + Type: schema.TypeList, + Description: "This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_AUTHENTICATED", "IS_NOT_AUTHENTICATED"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "ecmd_username": { + Optional: true, + Type: schema.TypeList, + Description: "This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CONTAINS", "DOES_NOT_CONTAIN", "STARTS_WITH", "DOES_NOT_START_WITH", "ENDS_WITH", "DOES_NOT_END_WITH", "LENGTH_EQUALS", "LENGTH_GREATER_THAN", "LENGTH_SMALLER_THAN"}, false)), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_-]{1,255}$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + "length": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]\\d*$"), + Optional: true, + Description: "", + Type: schema.TypeString, + }, + }, + }, + }, + "edge_workers_failure": { + Optional: true, + Type: schema.TypeList, + Description: "Checks the EdgeWorkers execution status and detects whether a customer's JavaScript failed on edge servers. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "exec_status": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"FAILURE", "SUCCESS"}, false)), + Optional: true, + Description: "Specify execution status.", + Type: schema.TypeString, + }, + }, + }, + }, + "file_extension": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the requested filename's extension, if present. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches the contents of `values` if set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "An array of file extension strings, with no leading dot characters, for example `png`, `jpg`, `jpeg`, and `gif`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "match_case_sensitive": { + Optional: true, + Description: "Sets a case-sensitive match.", + Type: schema.TypeBool, + }, + }, + }, + }, + "filename": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the requested filename, or test whether it is present. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF", "IS_EMPTY", "IS_NOT_EMPTY"}, false)), + Optional: true, + Description: "If set to `IS_ONE_OF` or `IS_NOT_ONE_OF`, matches whether the filename matches one of the `values`. If set to `IS_EMPTY` or `IS_NOT_EMPTY`, matches whether the specified filename is part of the path.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "Matches the filename component of the request URL. Allows wildcards, where `?` matches a single character and `*` matches zero or more characters. For example, specify `filename.*` to accept any extension.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "match_case_sensitive": { + Optional: true, + Description: "Sets a case-sensitive match for the `values` field.", + Type: schema.TypeBool, + }, + }, + }, + }, + "hostname": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the requested hostname. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches the contents of `values` when set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "A list of hostnames. Allows wildcards, where `?` matches a single character and `*` matches zero or more characters. Specifying `*.example.com` matches both `m.example.com` and `www.example.com`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "match_advanced": { + Optional: true, + Type: schema.TypeList, + Description: "This specifies match criteria using Akamai XML metadata. It can only be configured on your behalf by Akamai Professional Services. This criterion is for internal usage only. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "description": { + Optional: true, + Description: "A human-readable description of what the XML block does.", + Type: schema.TypeString, + }, + "open_xml": { + Optional: true, + Description: "An XML string that opens the relevant block.", + Type: schema.TypeString, + }, + "close_xml": { + Optional: true, + Description: "An XML string that closes the relevant block.", + Type: schema.TypeString, + }, + }, + }, + }, + "match_cp_code": { + Optional: true, + Type: schema.TypeList, + Description: "Match the assigned content provider code. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "value": { + Optional: true, + Description: "Specifies the CP code as an object. You only need to provide the initial `id` to match the CP code, stripping any `cpc_` prefix to pass the integer to the rule tree. Additional CP code details may reflect back in subsequent read-only data.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Optional: true, + Description: "", + Type: schema.TypeInt, + }, + "name": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "created_date": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "description": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + "products": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "cp_code_limits": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeList, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "current_capacity": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeInt, + }, + "limit_type": { + Optional: true, + Description: "This field is only intended for export compatibility purposes, and modifying it will not impact your use of the behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + "match_response_code": { + Optional: true, + Type: schema.TypeList, + Description: "Match a set or range of HTTP response codes. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF", "IS_BETWEEN", "IS_NOT_BETWEEN"}, false)), + Optional: true, + Description: "Matches numeric range or a specified set of `values`.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "A set of response codes to match, for example `[\"404\",\"500\"]`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "lower_bound": { + ValidateDiagFunc: validateRegexOrVariable("^\\d{3}$"), + Optional: true, + Description: "Specifies the start of a range of responses. For example, `400` to match anything from `400` to `500`.", + Type: schema.TypeInt, + }, + "upper_bound": { + ValidateDiagFunc: validateRegexOrVariable("^\\d{3}$"), + Optional: true, + Description: "Specifies the end of a range of responses. For example, `500` to match anything from `400` to `500`.", + Type: schema.TypeInt, + }, + }, + }, + }, + "match_variable": { + Optional: true, + Type: schema.TypeList, + Description: "Matches a built-in variable, or a custom variable pre-declared within the rule tree by the `setVariable` behavior. See `Support for variables` for more information on this feature. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "variable_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z_][a-zA-Z0-9_]{0,31}$"), + Optional: true, + Description: "The name of the variable to match.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT", "IS_ONE_OF", "IS_NOT_ONE_OF", "IS_EMPTY", "IS_NOT_EMPTY", "IS_BETWEEN", "IS_NOT_BETWEEN", "IS_GREATER_THAN", "IS_GREATER_THAN_OR_EQUAL_TO", "IS_LESS_THAN", "IS_LESS_THAN_OR_EQUAL_TO"}, false)), + Optional: true, + Description: "The type of match, based on which you use different options to specify the match criteria.", + Type: schema.TypeString, + }, + "variable_values": { + Optional: true, + Description: "Specifies an array of matching strings.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "variable_expression": { + Optional: true, + Description: "Specifies a single matching string.", + Type: schema.TypeString, + }, + "lower_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]\\d*$"), + Optional: true, + Description: "Specifies the range's numeric minimum value.", + Type: schema.TypeString, + }, + "upper_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]\\d*$"), + Optional: true, + Description: "Specifies the range's numeric maximum value.", + Type: schema.TypeString, + }, + "match_wildcard": { + Optional: true, + Description: "When matching string expressions, enabling this allows wildcards, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_case_sensitive": { + Optional: true, + Description: "When matching string expressions, enabling this performs a case-sensitive match.", + Type: schema.TypeBool, + }, + }, + }, + }, + "metadata_stage": { + Optional: true, + Type: schema.TypeList, + Description: "Matches how the current rule corresponds to low-level syntax elements in translated XML metadata, indicating progressive stages as each edge server handles the request and response. To use this match, you need to be thoroughly familiar with how Akamai edge servers process requests. Contact your Akamai Technical representative if you need help, and test thoroughly on staging before activating on production. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Compares the current rule with the specified metadata stage.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"cache-hit", "client-done", "client-request", "client-request-body", "client-response", "content-policy", "forward-request", "forward-response", "forward-start", "ipa-response"}, false)), + Optional: true, + Description: "Specifies the metadata stage.", + Type: schema.TypeString, + }, + }, + }, + }, + "origin_timeout": { + Optional: true, + Type: schema.TypeList, + Description: "Matches when the origin responds with a timeout error. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"ORIGIN_TIMED_OUT"}, false)), + Optional: true, + Description: "Specifies a single required `ORIGIN_TIMED_OUT` value.", + Type: schema.TypeString, + }, + }, + }, + }, + "path": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the URL's non-hostname path component. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"MATCHES_ONE_OF", "DOES_NOT_MATCH_ONE_OF"}, false)), + Optional: true, + Description: "Matches the contents of the `values` array.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "Matches the URL path, excluding leading hostname and trailing query parameters. The path is relative to the server root, for example `/blog`. This field allows wildcards, where `?` matches a single character and `*` matches zero or more characters. For example, `/blog/*/2014` matches paths with two fixed segments and other varying segments between them.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "match_case_sensitive": { + Optional: true, + Description: "Sets a case-sensitive match.", + Type: schema.TypeBool, + }, + "normalize": { + Optional: true, + Description: "Transforms URLs before comparing them with the provided value. URLs are decoded, and any directory syntax such as `../..` or `//` is stripped as a security measure. This protects URL paths from being accessed by unauthorized users.", + Type: schema.TypeBool, + }, + }, + }, + }, + "query_string_parameter": { + Optional: true, + Type: schema.TypeList, + Description: "Matches query string field names or values. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "parameter_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^:/?#\\[\\]@&]+$"), + Optional: true, + Description: "The name of the query field, for example, `q` in `?q=string`.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF", "EXISTS", "DOES_NOT_EXIST", "IS_LESS_THAN", "IS_MORE_THAN", "IS_BETWEEN"}, false)), + Optional: true, + Description: "Narrows the match criteria.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "The value of the query field, for example, `string` in `?q=string`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "lower_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "Specifies the match's minimum value.", + Type: schema.TypeInt, + }, + "upper_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "When the `value` is numeric, this field specifies the match's maximum value.", + Type: schema.TypeInt, + }, + "match_wildcard_name": { + Optional: true, + Description: "Allows wildcards in the `parameterName` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_case_sensitive_name": { + Optional: true, + Description: "Sets a case-sensitive match for the `parameterName` field.", + Type: schema.TypeBool, + }, + "match_wildcard_value": { + Optional: true, + Description: "Allows wildcards in the `value` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_case_sensitive_value": { + Optional: true, + Description: "Sets a case-sensitive match for the `value` field.", + Type: schema.TypeBool, + }, + "escape_value": { + Optional: true, + Description: "Matches when the `value` is URL-escaped.", + Type: schema.TypeBool, + }, + }, + }, + }, + "random": { + Optional: true, + Type: schema.TypeList, + Description: "Matches a specified percentage of requests. Use this match to apply behaviors to a percentage of your incoming requests that differ from the remainder, useful for A/b testing, or to offload traffic onto different servers. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "bucket": { + ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 100)), + Optional: true, + Description: "Specify a percentage of random requests to which to apply a behavior. Any remainders do not match.", + Type: schema.TypeInt, + }, + }, + }, + }, + "recovery_config": { + Optional: true, + Type: schema.TypeList, + Description: "Matches on specified origin recovery scenarios. The `originFailureRecoveryPolicy` behavior defines the scenarios that trigger the recovery or retry methods you set in the `originFailureRecoveryMethod` rule. If the origin fails, the system checks the name of the recovery method applied to your policy. It then either redirects the requesting client to a backup origin or returns predefined HTTP response codes. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "config_name": { + ValidateDiagFunc: validateRegexOrVariable("^[A-Z0-9-]+$"), + Optional: true, + Description: "A unique identifier used for origin failure recovery configurations. This is the recovery method configuration name you apply when setting origin failure recovery methods and scenarios in `originFailureRecoveryMethod` and `originFailureRecoveryPolicy` behaviors. The value can contain alphanumeric characters and dashes.", + Type: schema.TypeString, + }, + }, + }, + }, + "regular_expression": { + Optional: true, + Type: schema.TypeList, + Description: "Matches a regular expression against a string, especially to apply behaviors flexibly based on the contents of dynamic `variables`. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_string": { + Optional: true, + Description: "The string to match, typically the contents of a dynamic variable.", + Type: schema.TypeString, + }, + "regex": { + Optional: true, + Description: "The regular expression (PCRE) to match against the string.", + Type: schema.TypeString, + }, + "case_sensitive": { + Optional: true, + Description: "Sets a case-sensitive regular expression match.", + Type: schema.TypeBool, + }, + }, + }, + }, + "request_cookie": { + Optional: true, + Type: schema.TypeList, + Description: "Match the cookie name or value passed with the request. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "cookie_name": { + ValidateDiagFunc: validateRegexOrVariable("^[a-zA-Z0-9_\\-*\\.]+$"), + Optional: true, + Description: "The name of the cookie, for example, `visitor` in `visitor:anon`.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT", "EXISTS", "DOES_NOT_EXIST", "IS_BETWEEN"}, false)), + Optional: true, + Description: "Narrows the match criteria.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validateRegexOrVariable("^[^\\s;]+$"), + Optional: true, + Description: "The cookie's value, for example, `anon` in `visitor:anon`.", + Type: schema.TypeString, + }, + "lower_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]\\d*$"), + Optional: true, + Description: "When the `value` is numeric, this field specifies the match's minimum value.", + Type: schema.TypeInt, + }, + "upper_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[1-9]\\d*$"), + Optional: true, + Description: "When the `value` is numeric, this field specifies the match's maximum value.", + Type: schema.TypeInt, + }, + "match_wildcard_name": { + Optional: true, + Description: "Allows wildcards in the `cookieName` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_case_sensitive_name": { + Optional: true, + Description: "Sets a case-sensitive match for the `cookieName` field.", + Type: schema.TypeBool, + }, + "match_wildcard_value": { + Optional: true, + Description: "Allows wildcards in the `value` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_case_sensitive_value": { + Optional: true, + Description: "Sets a case-sensitive match for the `value` field.", + Type: schema.TypeBool, + }, + }, + }, + }, + "request_header": { + Optional: true, + Type: schema.TypeList, + Description: "Match HTTP header names or values. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "The name of the request header, for example `Accept-Language`.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF", "EXISTS", "DOES_NOT_EXIST"}, false)), + Optional: true, + Description: "Narrows the match criteria.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "The request header's value, for example `en-US` when the header `headerName` is `Accept-Language`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "match_wildcard_name": { + Optional: true, + Description: "Allows wildcards in the `headerName` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_wildcard_value": { + Optional: true, + Description: "Allows wildcards in the `value` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_case_sensitive_value": { + Optional: true, + Description: "Sets a case-sensitive match for the `value` field.", + Type: schema.TypeBool, + }, + }, + }, + }, + "request_method": { + Optional: true, + Type: schema.TypeList, + Description: "Specify the request's HTTP verb. Also supports WebDAV methods and common Akamai operations. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Matches the `value` when set to `IS`, otherwise `IS_NOT` reverses the match.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"GET", "POST", "HEAD", "PUT", "PATCH", "HTTP_DELETE", "AKAMAI_TRANSLATE", "AKAMAI_PURGE", "OPTIONS", "DAV_ACL", "DAV_CHECKOUT", "DAV_COPY", "DAV_DMCREATE", "DAV_DMINDEX", "DAV_DMMKPATH", "DAV_DMMKPATHS", "DAV_DMOVERLAY", "DAV_DMPATCHPATHS", "DAV_LOCK", "DAV_MKCALENDAR", "DAV_MKCOL", "DAV_MOVE", "DAV_PROPFIND", "DAV_PROPPATCH", "DAV_REPORT", "DAV_SETPROCESS", "DAV_SETREDIRECT", "DAV_TRUTHGET", "DAV_UNLOCK"}, false)), + Optional: true, + Description: "Any of these HTTP methods, WebDAV methods, or Akamai operations.", + Type: schema.TypeString, + }, + }, + }, + }, + "request_protocol": { + Optional: true, + Type: schema.TypeList, + Description: "Matches whether the request uses the HTTP or HTTPS protocol. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"HTTP", "HTTPS"}, false)), + Optional: true, + Description: "Specifies the protocol.", + Type: schema.TypeString, + }, + }, + }, + }, + "request_type": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the basic type of request. To use this match, you need to be thoroughly familiar with how Akamai edge servers process requests. Contact your Akamai Technical representative if you need help, and test thoroughly on staging before activating on production. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Specifies whether the request `IS` or `IS_NOT` the type of specified `value`.", + Type: schema.TypeString, + }, + "value": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"CLIENT_REQ", "ESI_FRAGMENT", "EW_SUBREQUEST"}, false)), + Optional: true, + Description: "Specifies the type of request, either a standard `CLIENT_REQ`, an `ESI_FRAGMENT`, or an `EW_SUBREQUEST`.", + Type: schema.TypeString, + }, + }, + }, + }, + "response_header": { + Optional: true, + Type: schema.TypeList, + Description: "Match HTTP header names or values. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "header_name": { + ValidateDiagFunc: validateRegexOrVariable("^[^()<>@,;:\\\"/\\[\\]?{}\\s]+$"), + Optional: true, + Description: "The name of the response header, for example `Content-Type`.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF", "EXISTS", "DOES_NOT_EXIST", "IS_LESS_THAN", "IS_MORE_THAN", "IS_BETWEEN"}, false)), + Optional: true, + Description: "Narrows the match according to various criteria.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "The response header's value, for example `application/x-www-form-urlencoded` when the header `headerName` is `Content-Type`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "lower_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "When the `value` is numeric, this field specifies the match's minimum value.", + Type: schema.TypeInt, + }, + "upper_bound": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+$"), + Optional: true, + Description: "When the `value` is numeric, this field specifies the match's maximum value.", + Type: schema.TypeInt, + }, + "match_wildcard_name": { + Optional: true, + Description: "Allows wildcards in the `headerName` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_wildcard_value": { + Optional: true, + Description: "Allows wildcards in the `value` field, where `?` matches a single character and `*` matches zero or more characters.", + Type: schema.TypeBool, + }, + "match_case_sensitive_value": { + Optional: true, + Description: "When enabled, the match is case-sensitive for the `value` field.", + Type: schema.TypeBool, + }, + }, + }, + }, + "server_location": { + Optional: true, + Type: schema.TypeList, + Description: "The location of the Akamai server handling the request. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "location_type": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COUNTRY", "CONTINENT", "REGION"}, false)), + Optional: true, + Description: "Indicates the geographic scope.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches the specified set of values when set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "countries": { + Optional: true, + Description: "ISO 3166-1 country codes, such as `US` or `CN`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "continents": { + Optional: true, + Description: "Continent codes.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "regions": { + Optional: true, + Description: "ISO 3166 country and region codes, for example `US:MA` for Massachusetts or `JP:13` for Tokyo.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "time": { + Optional: true, + Type: schema.TypeList, + Description: "Specifies ranges of times during which the request occurred. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"BEGINNING", "BETWEEN", "LASTING", "REPEATING"}, false)), + Optional: true, + Description: "Specifies how to define the range of time.", + Type: schema.TypeString, + }, + "repeat_interval": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Sets the time between each repeating time period's starting points.", + Type: schema.TypeString, + }, + "repeat_duration": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Sets the duration of each repeating time period.", + Type: schema.TypeString, + }, + "lasting_duration": { + ValidateDiagFunc: validateRegexOrVariable("^[0-9]+[DdHhMmSs]$"), + Optional: true, + Description: "Specifies the end of a time period as a duration relative to the `lastingDate`.", + Type: schema.TypeString, + }, + "lasting_date": { + Optional: true, + Description: "Sets the start of a fixed time period.", + Type: schema.TypeString, + }, + "repeat_begin_date": { + Optional: true, + Description: "Sets the start of the initial time period.", + Type: schema.TypeString, + }, + "apply_daylight_savings_time": { + Optional: true, + Description: "Adjusts the start time plus repeat interval to account for daylight saving time. Applies when the current time and the start time use different systems, daylight and standard, and the two values are in conflict.", + Type: schema.TypeBool, + }, + "begin_date": { + Optional: true, + Description: "Sets the start of a time period.", + Type: schema.TypeString, + }, + "end_date": { + Optional: true, + Description: "Sets the end of a fixed time period.", + Type: schema.TypeString, + }, + }, + }, + }, + "token_authorization": { + Optional: true, + Type: schema.TypeList, + Description: "Match on Auth Token 2.0 verification results. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_SUCCESS", "IS_CUSTOM_FAILURE", "IS_ANY_FAILURE"}, false)), + Optional: true, + Description: "Error match scope.", + Type: schema.TypeString, + }, + "status_list": { + Optional: true, + Description: "", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "user_agent": { + Optional: true, + Type: schema.TypeList, + Description: "Matches the user agent string that helps identify the client browser and device. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches the specified set of `values` when set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "values": { + Optional: true, + Description: "The `User-Agent` header's value. For example, `Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "match_wildcard": { + Optional: true, + Description: "Allows wildcards in the `value` field, where `?` matches a single character and `*` matches zero or more characters. For example, `*Android*`, `*iPhone5*`, `*Firefox*`, or `*Chrome*` allow substring matches.", + Type: schema.TypeBool, + }, + "match_case_sensitive": { + Optional: true, + Description: "Sets a case-sensitive match for the `value` field.", + Type: schema.TypeBool, + }, + }, + }, + }, + "user_location": { + Optional: true, + Type: schema.TypeList, + Description: "The client browser's approximate geographic location, determined by looking up the IP address in a database. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "field": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"COUNTRY", "CONTINENT", "REGION"}, false)), + Optional: true, + Description: "Indicates the geographic scope.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches the specified set of values when set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "country_values": { + Optional: true, + Description: "ISO 3166-1 country codes, such as `US` or `CN`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "continent_values": { + Optional: true, + Description: "Continent codes.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "region_values": { + Optional: true, + Description: "ISO 3166 country and region codes, for example `US:MA` for Massachusetts or `JP:13` for Tokyo.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "check_ips": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"BOTH", "CONNECTING", "HEADERS"}, false)), + Optional: true, + Description: "Specifies which IP addresses determine the user's location.", + Type: schema.TypeString, + }, + "use_only_first_x_forwarded_for_ip": { + Optional: true, + Description: "When connecting via a proxy server as determined by the `X-Forwarded-For` header, enabling this option matches the end client specified in the header. Disabling it matches the connecting client's IP address.", + Type: schema.TypeBool, + }, + }, + }, + }, + "user_network": { + Optional: true, + Type: schema.TypeList, + Description: "Matches details of the network over which the request was made, determined by looking up the IP address in a database. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "field": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"NETWORK", "NETWORK_TYPE", "BANDWIDTH"}, false)), + Optional: true, + Description: "The type of information to match.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS_ONE_OF", "IS_NOT_ONE_OF"}, false)), + Optional: true, + Description: "Matches the specified set of values when set to `IS_ONE_OF`, otherwise `IS_NOT_ONE_OF` reverses the match.", + Type: schema.TypeString, + }, + "network_type_values": { + Optional: true, + Description: "", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "network_values": { + Optional: true, + Description: "Any set of specific networks.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "bandwidth_values": { + Optional: true, + Description: "Bandwidth range in bits per second, either `1`, `57`, `257`, `1000`, `2000`, or `5000`.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "check_ips": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"BOTH", "CONNECTING", "HEADERS"}, false)), + Optional: true, + Description: "Specifies which IP addresses determine the user's network.", + Type: schema.TypeString, + }, + "use_only_first_x_forwarded_for_ip": { + Optional: true, + Description: "When connecting via a proxy server as determined by the `X-Forwarded-For` header, enabling this option matches the end client specified in the header. Disabling it matches the connecting client's IP address.", + Type: schema.TypeBool, + }, + }, + }, + }, + "variable_error": { + Optional: true, + Type: schema.TypeList, + Description: "Matches any runtime errors that occur on edge servers based on the configuration of a `setVariable` behavior. See `Support for variables` section for more information on this feature. This criterion can be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "result": { + Optional: true, + Description: "Matches errors for the specified set of `variableNames`, otherwise matches errors from variables outside that set.", + Type: schema.TypeBool, + }, + "variable_names": { + Optional: true, + Description: "The name of the variable whose error triggers the match, or a space- or comma-delimited list of more than one variable name. Note that if you define a variable named `VAR`, the name in this field needs to appear with its added prefix as `PMUSER_VAR`. When such a variable is inserted into other fields, it appears with an additional namespace as `{{user.PMUSER_VAR}}`. See the `setVariable` behavior for details on variable names.", + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "virtual_waiting_room_request": { + Optional: true, + Type: schema.TypeList, + Description: "Helps to customize the requests identified by the `virtualWaitingRoom` behavior. Use this match criteria to define the `originServer` behavior for the waiting room. This criterion cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Specifies the match's logic.", + Type: schema.TypeString, + }, + "match_on": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"WR_ANY", "WR_MAIN_PAGE", "WR_ASSETS"}, false)), + Optional: true, + Description: "Specifies the type of request identified by the `virtualWaitingRoom` behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + "visitor_prioritization_request": { + Optional: true, + Type: schema.TypeList, + Description: "Helps to customize the requests identified by the `visitorPrioritizationFifo` behavior. The basic use case for this match criteria is to define the `originServer` behavior for the waiting room. This criterion cannot be used in includes.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locked": { + Optional: true, + Description: "Indicates that your Akamai representative has locked this behavior or criteria so that you can't modify it. This option is for internal usage only.", + Type: schema.TypeBool, + }, + "uuid": { + ValidateDiagFunc: validateRegex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"), + Optional: true, + Description: "A uuid member indicates that at least one of its component behaviors or criteria is advanced and read-only. You need to preserve this uuid as well when modifying the rule tree. This option is for internal usage only.", + Type: schema.TypeString, + }, + "template_uuid": { + Optional: true, + Description: "This option is for internal usage only.", + Type: schema.TypeString, + }, + "match_operator": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"IS", "IS_NOT"}, false)), + Optional: true, + Description: "Specifies the match's logic.", + Type: schema.TypeString, + }, + "match_on": { + ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"WR_ANY", "WR_MAIN_PAGE", "WR_ASSETS"}, false)), + Optional: true, + Description: "Specifies the type of request identified by the `visitorPrioritizationFifo` behavior.", + Type: schema.TypeString, + }, + }, + }, + }, + } +} diff --git a/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/content_compression_v2024_08_13.json b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/content_compression_v2024_08_13.json new file mode 100755 index 000000000..11d402969 --- /dev/null +++ b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/content_compression_v2024_08_13.json @@ -0,0 +1,68 @@ +{ + "_ruleFormat_": "rules_v2024_08_13", + "rules": { + "behaviors": [ + { + "name": "cpCode", + "options": { + "value": { + "cpCodeLimits": { + "currentCapacity": -143, + "limit": 100, + "limitType": "global" + }, + "createdDate": 1678276597000, + "description": "papi.declarativ.test.ipqa", + "id": 1048126, + "name": "papi.declarativ.test.ipqa", + "products": [ + "Fresca" + ] + } + } + }, + { + "name": "gzipResponse", + "options": { + "behavior": "ALWAYS" + } + } + ], + "criteria": [ + { + "name": "contentType", + "options": { + "matchCaseSensitive": false, + "matchOperator": "IS_ONE_OF", + "matchWildcard": true, + "values": [ + "text/*", + "application/javascript", + "application/x-javascript", + "application/x-javascript*", + "application/json", + "application/x-json", + "application/*+json", + "application/*+xml", + "application/text", + "application/vnd.microsoft.icon", + "application/vnd-ms-fontobject", + "application/x-font-ttf", + "application/x-font-opentype", + "application/x-font-truetype", + "application/xmlfont/eot", + "application/xml", + "font/opentype", + "font/otf", + "font/eot", + "image/svg+xml", + "image/vnd.microsoft.icon" + ] + } + } + ], + "name": "Content Compression", + "options": {}, + "criteriaMustSatisfy": "all" + } +} \ No newline at end of file diff --git a/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/default_v2024_08_13.json b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/default_v2024_08_13.json new file mode 100755 index 000000000..572d047d0 --- /dev/null +++ b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/default_v2024_08_13.json @@ -0,0 +1,373 @@ +{ + "_ruleFormat_": "rules_v2024_08_13", + "rules": { + "advancedOverride": "test", + "behaviors": [ + { + "name": "contentCharacteristicsAMD", + "options": { + "catalogSize": "SMALL", + "contentType": "ULTRA_HD", + "dash": true, + "hds": true, + "hls": true, + "popularityDistribution": "UNKNOWN", + "segmentDurationDASH": "SEGMENT_DURATION_10S", + "segmentDurationDASHCustom": 100, + "segmentDurationHDS": "SEGMENT_DURATION_2S", + "segmentDurationHDSCustom": 100, + "segmentDurationHLS": "SEGMENT_DURATION_4S", + "segmentDurationHLSCustom": 3.14, + "segmentDurationSmooth": "SEGMENT_DURATION_8S", + "segmentDurationSmoothCustom": 3.14, + "segmentSizeDASH": "GREATER_THAN_100MB", + "segmentSizeHDS": "TEN_MB_TO_100_MB", + "segmentSizeHLS": "GREATER_THAN_100MB", + "segmentSizeSmooth": "UNKNOWN", + "smooth": true + } + }, + { + "name": "origin", + "options": { + "cacheKeyHostname": "ORIGIN_HOSTNAME", + "compress": true, + "customCertificates": [ + { + "canBeCA": false, + "canBeLeaf": true, + "issuerRDNs": { + "C": "US", + "CN": "DigiCert TLS RSA SHA256 2020 CA1", + "O": "DigiCert Inc" + } + } + ], + "enableTrueClientIp": true, + "forwardHostHeader": "REQUEST_HOST_HEADER", + "httpPort": 80, + "httpsPort": 443, + "originSni": true, + "originType": "CUSTOMER", + "trueClientIpClientSetting": false, + "trueClientIpHeader": "True-Client-IP", + "useUniqueCacheKey": false, + "verificationMode": "PLATFORM_SETTINGS" + } + }, + { + "name": "adScalerCircuitBreaker", + "options": { + "returnErrorResponseCodeBased": 502 + } + }, + { + "name": "applicationLoadBalancer", + "options": { + "allDownNetStorage": { + "cpCode": 123, + "downloadDomainName": "test" + }, + "failoverOriginMap": [ + { + "fromOriginId": "123" + } + ] + } + }, + { + "name": "apiPrioritization", + "options": { + "cloudletPolicy": { + "id": 1337, + "name": "test" + } + } + }, + { + "name": "caching", + "options": { + "behavior": "NO_STORE" + } + }, + { + "name": "sureRoute", + "options": { + "enabled": true, + "forceSslForward": false, + "raceStatTtl": "30m", + "toHostStatus": "INCOMING_HH", + "type": "PERFORMANCE" + } + }, + { + "name": "tieredDistribution", + "options": { + "enabled": true, + "tieredDistributionMap": "CH2" + } + }, + { + "name": "prefetch", + "options": { + "enabled": true + } + }, + { + "name": "allowPost", + "options": { + "allowWithoutContentLength": false, + "enabled": true + } + }, + { + "name": "cpCode", + "options": { + "value": { + "createdDate": 1678276597000, + "description": "papi.declarativ.test.ipqa", + "id": 1048126, + "name": "papi.declarativ.test.ipqa", + "products": [ + "Fresca" + ] + } + } + }, + { + "name": "report", + "options": { + "logAcceptLanguage": false, + "logCookies": "OFF", + "logCustomLogField": false, + "logEdgeIP": false, + "logHost": false, + "logReferer": false, + "logUserAgent": true, + "logXForwardedFor": false + } + }, + { + "name": "mPulse", + "options": { + "apiKey": "", + "bufferSize": "", + "configOverride": "\n", + "enabled": true, + "loaderVersion": "V12", + "requirePci": false + } + } + ], + "children": [ + { + "behaviors": [ + { + "name": "cpCode", + "options": { + "value": { + "cpCodeLimits": { + "currentCapacity": -143, + "limit": 100, + "limitType": "global" + }, + "createdDate": 1678276597000, + "description": "papi.declarativ.test.ipqa", + "id": 1048126, + "name": "papi.declarativ.test.ipqa", + "products": [ + "Fresca" + ] + } + } + }, + { + "name": "gzipResponse", + "options": { + "behavior": "ALWAYS" + } + } + ], + "criteria": [ + { + "name": "contentType", + "options": { + "matchCaseSensitive": false, + "matchOperator": "IS_ONE_OF", + "matchWildcard": true, + "values": [ + "text/*", + "application/javascript", + "application/x-javascript", + "application/x-javascript*", + "application/json", + "application/x-json", + "application/*+json", + "application/*+xml", + "application/text", + "application/vnd.microsoft.icon", + "application/vnd-ms-fontobject", + "application/x-font-ttf", + "application/x-font-opentype", + "application/x-font-truetype", + "application/xmlfont/eot", + "application/xml", + "font/opentype", + "font/otf", + "font/eot", + "image/svg+xml", + "image/vnd.microsoft.icon" + ] + } + } + ], + "name": "Content Compression", + "options": {}, + "criteriaMustSatisfy": "all" + }, + { + "behaviors": [ + { + "name": "caching", + "options": { + "behavior": "MAX_AGE", + "mustRevalidate": false, + "ttl": "1d" + } + }, + { + "name": "prefetch", + "options": { + "enabled": false + } + }, + { + "name": "prefetchable", + "options": { + "enabled": true + } + } + ], + "criteria": [ + { + "name": "fileExtension", + "options": { + "matchCaseSensitive": false, + "matchOperator": "IS_ONE_OF", + "values": [ + "aif", + "aiff", + "au", + "avi", + "bin", + "bmp", + "cab", + "carb", + "cct", + "cdf", + "class", + "css", + "doc", + "dcr", + "dtd", + "exe", + "flv", + "gcf", + "gff", + "gif", + "grv", + "hdml", + "hqx", + "ico", + "ini", + "jpeg", + "jpg", + "js", + "mov", + "mp3", + "nc", + "pct", + "pdf", + "png", + "ppc", + "pws", + "swa", + "swf", + "txt", + "vbs", + "w32", + "wav", + "wbmp", + "wml", + "wmlc", + "wmls", + "wmlsc", + "xsd", + "zip", + "webp", + "jxr", + "hdp", + "wdp", + "pict", + "tif", + "tiff", + "mid", + "midi", + "ttf", + "eot", + "woff", + "woff2", + "otf", + "svg", + "svgz", + "webp", + "jxr", + "jar", + "jp2" + ] + } + } + ], + "name": "Static Content", + "options": {}, + "criteriaMustSatisfy": "all" + }, + { + "behaviors": [ + { + "name": "downstreamCache", + "options": { + "behavior": "TUNNEL_ORIGIN" + } + }, + { + "name": "restrictObjectCaching", + "options": {} + } + ], + "criteria": [ + { + "name": "cacheability", + "options": { + "matchOperator": "IS_NOT", + "value": "CACHEABLE" + } + } + ], + "name": "Dynamic Content", + "options": {}, + "criteriaMustSatisfy": "all" + } + ], + "comments": "test", + "customOverride": { + "name": "test", + "overrideId": "test" + }, + "name": "default", + "options": {}, + "uuid": "test", + "templateUuid": "test", + "templateLink": "test" + } +} \ No newline at end of file diff --git a/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/dynamic_content_v2024_08_13.json b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/dynamic_content_v2024_08_13.json new file mode 100755 index 000000000..db6d6a9dc --- /dev/null +++ b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/dynamic_content_v2024_08_13.json @@ -0,0 +1,29 @@ +{ + "_ruleFormat_": "rules_v2024_08_13", + "rules": { + "behaviors": [ + { + "name": "downstreamCache", + "options": { + "behavior": "TUNNEL_ORIGIN" + } + }, + { + "name": "restrictObjectCaching", + "options": {} + } + ], + "criteria": [ + { + "name": "cacheability", + "options": { + "matchOperator": "IS_NOT", + "value": "CACHEABLE" + } + } + ], + "name": "Dynamic Content", + "options": {}, + "criteriaMustSatisfy": "all" + } +} \ No newline at end of file diff --git a/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/rules_v2024_08_13.tf b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/rules_v2024_08_13.tf new file mode 100644 index 000000000..faf6ad5a4 --- /dev/null +++ b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/rules_v2024_08_13.tf @@ -0,0 +1,268 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +data "akamai_property_rules_builder" "default" { + rules_v2024_08_13 { + name = "default" + is_secure = false + custom_override { + name = "test" + override_id = "test" + } + advanced_override = "test" + comments = "test" + uuid = "test" + template_uuid = "test" + template_link = "test" + + behavior { + content_characteristics_amd { + catalog_size = "SMALL" + content_type = "ULTRA_HD" + dash = true + hds = true + hls = true + popularity_distribution = "UNKNOWN" + segment_duration_dash = "SEGMENT_DURATION_10S" + segment_duration_dash_custom = 100 + segment_duration_hds = "SEGMENT_DURATION_2S" + segment_duration_hds_custom = 100 + segment_duration_hls = "SEGMENT_DURATION_4S" + segment_duration_hls_custom = 3.14 + segment_duration_smooth = "SEGMENT_DURATION_8S" + segment_duration_smooth_custom = 3.14 + segment_size_dash = "GREATER_THAN_100MB" + segment_size_hds = "TEN_MB_TO_100_MB" + segment_size_hls = "GREATER_THAN_100MB" + segment_size_smooth = "UNKNOWN" + smooth = true + } + } + behavior { + origin { + cache_key_hostname = "ORIGIN_HOSTNAME" + compress = true + enable_true_client_ip = true + forward_host_header = "REQUEST_HOST_HEADER" + http_port = 80 + https_port = 443 + origin_sni = true + origin_type = "CUSTOMER" + true_client_ip_client_setting = false + true_client_ip_header = "True-Client-IP" + use_unique_cache_key = false + verification_mode = "PLATFORM_SETTINGS" + custom_certificates { + can_be_ca = false + can_be_leaf = true + issuer_rdns { + c = "US" + cn = "DigiCert TLS RSA SHA256 2020 CA1" + o = "DigiCert Inc" + } + } + } + } + behavior { + ad_scaler_circuit_breaker { + return_error_response_code_based = "502" + } + } + behavior { + application_load_balancer { + all_down_net_storage { + cp_code = 123 + download_domain_name = "test" + } + failover_origin_map { + from_origin_id = "123" + + } + } + } + behavior { + api_prioritization { + cloudlet_policy { + id = 1337 + name = "test" + } + } + } + + behavior { + caching { + behavior = "NO_STORE" + } + } + + behavior { + sure_route { + enabled = true + force_ssl_forward = false + race_stat_ttl = "30m" + to_host_status = "INCOMING_HH" + type = "PERFORMANCE" + } + } + + behavior { + tiered_distribution { + enabled = true + tiered_distribution_map = "CH2" + } + } + + behavior { + prefetch { + enabled = true + } + } + + behavior { + allow_post { + allow_without_content_length = false + enabled = true + } + } + behavior { + cp_code { + value { + created_date = 1678276597000 + description = "papi.declarativ.test.ipqa" + id = 1048126 + name = "papi.declarativ.test.ipqa" + products = ["Fresca", ] + } + } + } + behavior { + report { + log_accept_language = false + log_cookies = "OFF" + log_custom_log_field = false + log_edge_ip = false + log_host = false + log_referer = false + log_user_agent = true + log_x_forwarded_for = false + } + } + + behavior { + m_pulse { + api_key = "" + buffer_size = "" + config_override = <<-EOT + +EOT + enabled = true + loader_version = "V12" + require_pci = false + + } + } + children = [ + data.akamai_property_rules_builder.content_compression.json, + data.akamai_property_rules_builder.static_content.json, + data.akamai_property_rules_builder.dynamic_content.json, + ] + } +} + +data "akamai_property_rules_builder" "content_compression" { + rules_v2024_08_13 { + name = "Content Compression" + criteria_must_satisfy = "all" + criterion { + content_type { + match_case_sensitive = false + match_operator = "IS_ONE_OF" + match_wildcard = true + values = ["text/*", "application/javascript", "application/x-javascript", "application/x-javascript*", "application/json", "application/x-json", "application/*+json", "application/*+xml", "application/text", "application/vnd.microsoft.icon", "application/vnd-ms-fontobject", "application/x-font-ttf", "application/x-font-opentype", "application/x-font-truetype", "application/xmlfont/eot", "application/xml", "font/opentype", "font/otf", "font/eot", "image/svg+xml", "image/vnd.microsoft.icon", ] + } + } + behavior { + cp_code { + value { + created_date = 1678276597000 + description = "papi.declarativ.test.ipqa" + id = 1048126 + name = "papi.declarativ.test.ipqa" + products = ["Fresca", ] + cp_code_limits { + current_capacity = -143 + limit = 100 + limit_type = "global" + } + } + } + } + behavior { + gzip_response { + behavior = "ALWAYS" + } + } + children = [ + ] + } +} + +data "akamai_property_rules_builder" "static_content" { + rules_v2024_08_13 { + name = "Static Content" + criteria_must_satisfy = "all" + criterion { + file_extension { + match_case_sensitive = false + match_operator = "IS_ONE_OF" + values = ["aif", "aiff", "au", "avi", "bin", "bmp", "cab", "carb", "cct", "cdf", "class", "css", "doc", "dcr", "dtd", "exe", "flv", "gcf", "gff", "gif", "grv", "hdml", "hqx", "ico", "ini", "jpeg", "jpg", "js", "mov", "mp3", "nc", "pct", "pdf", "png", "ppc", "pws", "swa", "swf", "txt", "vbs", "w32", "wav", "wbmp", "wml", "wmlc", "wmls", "wmlsc", "xsd", "zip", "webp", "jxr", "hdp", "wdp", "pict", "tif", "tiff", "mid", "midi", "ttf", "eot", "woff", "woff2", "otf", "svg", "svgz", "webp", "jxr", "jar", "jp2", ] + } + } + behavior { + caching { + behavior = "MAX_AGE" + must_revalidate = false + ttl = "1d" + } + } + behavior { + prefetch { + enabled = false + } + } + behavior { + prefetchable { + enabled = true + } + } + children = [ + ] + } +} + +data "akamai_property_rules_builder" "dynamic_content" { + rules_v2024_08_13 { + name = "Dynamic Content" + criteria_must_satisfy = "all" + criterion { + cacheability { + match_operator = "IS_NOT" + value = "CACHEABLE" + } + } + behavior { + downstream_cache { + behavior = "TUNNEL_ORIGIN" + } + } + + behavior { + restrict_object_caching {} + } + + children = [ + ] + } +} + diff --git a/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/static_content_v2024_08_13.json b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/static_content_v2024_08_13.json new file mode 100755 index 000000000..6c8646f9b --- /dev/null +++ b/pkg/providers/property/testdata/TestDSPropertyRulesBuilder/static_content_v2024_08_13.json @@ -0,0 +1,110 @@ +{ + "_ruleFormat_": "rules_v2024_08_13", + "rules": { + "behaviors": [ + { + "name": "caching", + "options": { + "behavior": "MAX_AGE", + "mustRevalidate": false, + "ttl": "1d" + } + }, + { + "name": "prefetch", + "options": { + "enabled": false + } + }, + { + "name": "prefetchable", + "options": { + "enabled": true + } + } + ], + "criteria": [ + { + "name": "fileExtension", + "options": { + "matchCaseSensitive": false, + "matchOperator": "IS_ONE_OF", + "values": [ + "aif", + "aiff", + "au", + "avi", + "bin", + "bmp", + "cab", + "carb", + "cct", + "cdf", + "class", + "css", + "doc", + "dcr", + "dtd", + "exe", + "flv", + "gcf", + "gff", + "gif", + "grv", + "hdml", + "hqx", + "ico", + "ini", + "jpeg", + "jpg", + "js", + "mov", + "mp3", + "nc", + "pct", + "pdf", + "png", + "ppc", + "pws", + "swa", + "swf", + "txt", + "vbs", + "w32", + "wav", + "wbmp", + "wml", + "wmlc", + "wmls", + "wmlsc", + "xsd", + "zip", + "webp", + "jxr", + "hdp", + "wdp", + "pict", + "tif", + "tiff", + "mid", + "midi", + "ttf", + "eot", + "woff", + "woff2", + "otf", + "svg", + "svgz", + "webp", + "jxr", + "jar", + "jp2" + ] + } + } + ], + "name": "Static Content", + "options": {}, + "criteriaMustSatisfy": "all" + } +} \ No newline at end of file From 05455a1c6ff6385faac78a9d0fb8b6c8bf2a6ca7 Mon Sep 17 00:00:00 2001 From: Piotr Bartosik Date: Mon, 12 Aug 2024 08:38:20 +0000 Subject: [PATCH 08/17] DXE-3992 add support for moving property in papi resources --- CHANGELOG.md | 3 +- .../resource_akamai_cloudaccess_key.go | 2 +- .../resource_akamai_cloudaccess_key_test.go | 2 +- ...resource_akamai_cloudwrapper_activation.go | 2 +- .../resource_akamai_cps_dv_enrollment_test.go | 10 +- ..._akamai_cps_third_party_enrollment_test.go | 14 +- pkg/providers/property/helpers.go | 128 +++++++++++++ pkg/providers/property/provider.go | 10 + pkg/providers/property/provider_test.go | 12 ++ .../property/resource_akamai_property.go | 73 +++++-- .../resource_akamai_property_activation.go | 2 +- .../resource_akamai_property_bootstrap.go | 48 ++++- ...resource_akamai_property_bootstrap_test.go | 181 ++++++++++++++---- .../resource_akamai_property_helpers_test.go | 89 +++++++++ ...urce_akamai_property_include_activation.go | 4 +- .../property/resource_akamai_property_test.go | 173 +++++++++++++++++ .../testdata/TestGroupIDUpdate/base.tf | 16 ++ .../TestGroupIDUpdate/update_group_id.tf | 16 ++ .../update_group_id_and_hostnames.tf | 16 ++ .../update_group_id_and_name.tf | 16 ++ .../TestResPropertyBootstrap/update_name.tf | 10 + .../update_name_and_group.tf | 10 + 22 files changed, 763 insertions(+), 74 deletions(-) create mode 100644 pkg/providers/property/testdata/TestGroupIDUpdate/base.tf create mode 100644 pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id.tf create mode 100644 pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_hostnames.tf create mode 100644 pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_name.tf create mode 100644 pkg/providers/property/testdata/TestResPropertyBootstrap/update_name.tf create mode 100644 pkg/providers/property/testdata/TestResPropertyBootstrap/update_name_and_group.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 707c2eae8..afa7920b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,7 +31,8 @@ - +* PAPI + * Added support for moving PAPI resources between groups (`akamai_property` and `akamai_property_bootstrap`) by updating the `group_id` field. * CPS diff --git a/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key.go b/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key.go index 87f16c47c..d4f8ae466 100644 --- a/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key.go +++ b/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key.go @@ -120,7 +120,7 @@ func (r *KeyResource) ModifyPlan(ctx context.Context, request resource.ModifyPla } if state != nil && plan != nil && checkIfSecretChangedAndWasNotEmpty(state, plan) { - response.Diagnostics.AddError("access key credentials error", "cannot update cloud access secret without update of cloud access key id, expect in-place update of secret after import") + response.Diagnostics.AddError("access key credentials error", "cannot update cloud access secret without update of cloud access key id, expect update of secret after import with no API calls") return } diff --git a/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key_test.go b/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key_test.go index 0ab0cae96..5d8c22934 100644 --- a/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key_test.go +++ b/pkg/providers/cloudaccess/resource_akamai_cloudaccess_key_test.go @@ -1066,7 +1066,7 @@ func TestAccessKeyResource(t *testing.T) { }, { Config: testutils.LoadFixtureString(t, "testdata/TestResAccessKey/changed_secret.tf"), - ExpectError: regexp.MustCompile("\\s*cannot update cloud access secret without update of cloud access key id,\\s*expect in-place update of secret after import"), + ExpectError: regexp.MustCompile("\\s*cannot update cloud access secret without update of cloud access key id,\\s*expect update of secret after import with no API calls"), }, }, }, diff --git a/pkg/providers/cloudwrapper/resource_akamai_cloudwrapper_activation.go b/pkg/providers/cloudwrapper/resource_akamai_cloudwrapper_activation.go index 79b5bf22d..655f0dae4 100644 --- a/pkg/providers/cloudwrapper/resource_akamai_cloudwrapper_activation.go +++ b/pkg/providers/cloudwrapper/resource_akamai_cloudwrapper_activation.go @@ -28,7 +28,7 @@ var ( var ( activationTimeout = 4 * time.Hour - onlyTimeoutChangeWarn = diag.NewWarningDiagnostic("Update in Place", "requested only timeout change; API won't be called") + onlyTimeoutChangeWarn = diag.NewWarningDiagnostic("Update with no API calls", "requested only timeout change; API won't be called") ) const readError = "could not read Config from API" diff --git a/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go b/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go index a1bfc83c9..e55b85385 100644 --- a/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go +++ b/pkg/providers/cps/resource_akamai_cps_dv_enrollment_test.go @@ -134,7 +134,7 @@ func TestResourceDVEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -712,7 +712,7 @@ func TestResourceDVEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -925,7 +925,7 @@ func TestResourceDVEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 3, @@ -1110,7 +1110,7 @@ func TestResourceDVEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -1867,7 +1867,7 @@ func TestResourceDVEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, diff --git a/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go b/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go index f82630106..635a23a3f 100644 --- a/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go +++ b/pkg/providers/cps/resource_akamai_cps_third_party_enrollment_test.go @@ -69,7 +69,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -361,7 +361,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -491,7 +491,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -607,7 +607,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 3, @@ -699,7 +699,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -799,7 +799,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, @@ -1156,7 +1156,7 @@ func TestResourceThirdPartyEnrollment(t *testing.T) { }, }, nil).Once() - // final verification loop, everything in place + // final verification loop client.On("GetChangeStatus", mock.Anything, cps.GetChangeStatusRequest{ EnrollmentID: 1, ChangeID: 2, diff --git a/pkg/providers/property/helpers.go b/pkg/providers/property/helpers.go index 2407a5c9d..07cd34ce1 100644 --- a/pkg/providers/property/helpers.go +++ b/pkg/providers/property/helpers.go @@ -1,11 +1,17 @@ package property import ( + "context" "errors" "fmt" + "net/http" "strings" + "time" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/iam" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" + "github.com/akamai/terraform-provider-akamai/v6/pkg/common/str" + "github.com/apex/log" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -199,3 +205,125 @@ func NetworkAlias(network string) (string, error) { } return string(networkValue), nil } + +func areGroupIDsDifferent(firstGroupID, secondGroupID string) (bool, error) { + gid1, err := str.GetIntID(firstGroupID, "grp_") + if err != nil { + return false, err + } + + gid2, err := str.GetIntID(secondGroupID, "grp_") + if err != nil { + return false, err + } + + return gid1 != gid2, nil +} + +type papiKey struct { + propertyID string + groupID string + contractID string +} + +func updateGroupID(ctx context.Context, client papi.PAPI, iamClient iam.IAM, key papiKey, + destGroupID string) error { + + logger := log.FromContext(ctx).WithFields(log.Fields{ + "key": key, + "destGroupID": destGroupID, + }) + logger.Debug("updateGroupID") + + from, err := str.GetIntID(key.groupID, "grp_") + if err != nil { + return err + } + + to, err := str.GetIntID(destGroupID, "grp_") + if err != nil { + return err + } + + // assetID is the ID of the property in the Identity and Access Management API + // See: https://techdocs.akamai.com/iam-api/reference/manage-access-to-properties-and-includes + // We never store assetID in the state, so we need to fetch it here + prp, err := fetchLatestProperty(ctx, client, key.propertyID, key.groupID, key.contractID) + if err != nil { + return err + } + + iamID, err := str.GetIntID(prp.AssetID, "aid_") + if err != nil { + return err + } + + logger.Debugf("Changing group id from %d to %d for IAM id %d", from, to, iamID) + + err = iamClient.MoveProperty(ctx, iam.MovePropertyRequest{ + PropertyID: int64(iamID), + BodyParams: iam.MovePropertyReqBody{ + DestinationGroupID: int64(to), + SourceGroupID: int64(from), + }, + }) + if err != nil { + return err + } + + err = waitForGroupIDChange(ctx, client, papiKey{ + propertyID: key.propertyID, + groupID: destGroupID, + contractID: key.contractID, + }, 5) + return err +} + +func waitForGroupIDChange(ctx context.Context, client papi.PAPI, key papiKey, maxAttempts int) error { + logger := log.FromContext(ctx).WithFields(log.Fields{"key": key}) + logger.Debug("waitForGroupIDChange") + + req := papi.GetPropertyRequest{ + PropertyID: key.propertyID, + ContractID: key.contractID, + GroupID: key.groupID, + } + + attemptsLeft := maxAttempts + wait := time.Second + for { + _, err := client.GetProperty(ctx, req) + if err == nil { + logger.Debug("waitForGroupIDChange: success") + return nil + } + if !isHTTP403(err) { + // Unexpected error + return err + } + + attemptsLeft-- + if attemptsLeft <= 0 { + return fmt.Errorf("waiting for groupID change to: %s for propertyID: %s, "+ + "contractID: %s in %d attempts failed", + key.groupID, key.propertyID, key.contractID, maxAttempts) + } + logger.Debugf("waitForGroupIDChange: new group id still not visible, %d attempts left, "+ + "waiting %s... (original error: %s)", attemptsLeft, wait, err) + + select { + case <-ctx.Done(): + return ctx.Err() + case <-time.After(wait): + wait = wait * 2 + } + } +} + +func isHTTP403(err error) bool { + var papiErr *papi.Error + if errors.As(err, &papiErr) { + return papiErr.StatusCode == http.StatusForbidden + } + return false +} diff --git a/pkg/providers/property/provider.go b/pkg/providers/property/provider.go index 0e2d32a5f..2ebac4e0f 100644 --- a/pkg/providers/property/provider.go +++ b/pkg/providers/property/provider.go @@ -7,6 +7,7 @@ import ( "fmt" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/hapi" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/iam" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" "github.com/akamai/terraform-provider-akamai/v6/pkg/common/str" "github.com/akamai/terraform-provider-akamai/v6/pkg/meta" @@ -28,6 +29,7 @@ var ( var ( client papi.PAPI hapiClient hapi.HAPI + iamClient iam.IAM ) // NewSubprovider returns a new property subprovider @@ -51,6 +53,14 @@ func HapiClient(meta meta.Meta) hapi.HAPI { return hapi.Client(meta.Session()) } +// IAMClient returns the IAM interface +func IAMClient(meta meta.Meta) iam.IAM { + if iamClient != nil { + return iamClient + } + return iam.Client(meta.Session()) +} + // SDKResources returns the property resources implemented using terraform-plugin-sdk func (p *Subprovider) SDKResources() map[string]*schema.Resource { return map[string]*schema.Resource{ diff --git a/pkg/providers/property/provider_test.go b/pkg/providers/property/provider_test.go index 5c4147f5e..7ffd86977 100644 --- a/pkg/providers/property/provider_test.go +++ b/pkg/providers/property/provider_test.go @@ -6,6 +6,7 @@ import ( "testing" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/hapi" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/iam" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" "github.com/akamai/terraform-provider-akamai/v6/pkg/common/testutils" "github.com/hashicorp/go-hclog" @@ -36,6 +37,17 @@ func useClient(papiCli papi.PAPI, hapiCli hapi.HAPI, f func()) { f() } +func useIam(iamCli iam.IAM, f func()) { + origIam := iamClient + iamClient = iamCli + + defer func() { + iamClient = origIam + }() + + f() +} + // suppressLogging prevents logging output during the given func unless TEST_LOGGING env var is not empty. Use this // to keep log messages from polluting test output. Not thread-safe. func suppressLogging(t *testing.T, f func()) { diff --git a/pkg/providers/property/resource_akamai_property.go b/pkg/providers/property/resource_akamai_property.go index 552a32e1b..c2bed21c8 100644 --- a/pkg/providers/property/resource_akamai_property.go +++ b/pkg/providers/property/resource_akamai_property.go @@ -666,7 +666,6 @@ func resourcePropertyUpdate(ctx context.Context, d *schema.ResourceData, m inter diags := diag.Diagnostics{} immutable := []string{ - "group_id", "contract_id", "product_id", "property_id", @@ -684,8 +683,9 @@ func resourcePropertyUpdate(ctx context.Context, d *schema.ResourceData, m inter } // We only update if these attributes change. - if !d.HasChanges("hostnames", "rules", "rule_format") { - logger.Debug("No changes to hostnames, rules, or rule_format (no update required)") + if !d.HasChanges("group_id", "hostnames", "rules", "rule_format") { + logger.Debug( + "No changes to group_id, hostnames, rules, or rule_format (no update required)") return nil } @@ -713,7 +713,39 @@ func resourcePropertyUpdate(ctx context.Context, d *schema.ResourceData, m inter propertyID := d.Id() contractID := d.Get("contract_id").(string) - groupID := d.Get("group_id").(string) + oldGID, _ := d.GetChange("group_id") + oldGroupID := oldGID.(string) + + // We want to change group id first: if the user loses access to the property as a result of + // group change, we want it to be visible immediately as an error during the same update. + // + // This way we will avoid the following scenario: + // 1. User changes the group and something else, e.g. hostnames and gets a success, + // although they don't belong to the new group, + // 2. User changes hostnames again (not the group) and only then gets a (hard to understand) + // error. + groupsDiffer, err := areGroupIDsDifferent(oldGroupID, property.GroupID) + if err != nil { + return diag.FromErr(err) + } + if groupsDiffer { + key := papiKey{ + propertyID: property.PropertyID, + groupID: oldGroupID, + contractID: property.ContractID, + } + + err := updateGroupID(ctx, client, IAMClient(meta.Must(m)), key, property.GroupID) + + if err != nil { + return diag.FromErr(err) + } + + if !d.HasChanges("hostnames", "rules", "rule_format") { + logger.Debug("Only group_id changed, exiting early") + return resourcePropertyRead(ctx, d, m) + } + } var propertyVersion int if v, ok := d.GetOk("read_version"); ok && v.(int) != 0 { @@ -722,7 +754,7 @@ func resourcePropertyUpdate(ctx context.Context, d *schema.ResourceData, m inter propertyVersion = property.LatestVersion } - resp, err := fetchPropertyVersion(ctx, client, propertyID, groupID, contractID, propertyVersion) + resp, err := fetchPropertyVersion(ctx, client, propertyID, property.GroupID, contractID, propertyVersion) if err != nil { d.Partial(true) return diag.FromErr(err) @@ -757,37 +789,44 @@ func resourcePropertyUpdate(ctx context.Context, d *schema.ResourceData, m inter } } - if !shouldUpdateRuleTree(d) { - return resourcePropertyRead(ctx, d, m) + if shouldUpdateRuleTree(d) { + if err := updateRuleTree(ctx, client, property, d); err != nil { + return diag.FromErr(err) + } } + return resourcePropertyRead(ctx, d, m) +} + +func updateRuleTree(ctx context.Context, client papi.PAPI, property papi.Property, + d *schema.ResourceData) error { ruleFormat, err := tf.GetStringValue("rule_format", d) if err != nil && !errors.Is(err, tf.ErrNotFound) { - return diag.FromErr(err) + return err } rulesJSON, err := tf.GetStringValue("rules", d) if err != nil && !errors.Is(err, tf.ErrNotFound) { - return diag.FromErr(err) + return err } versionNotes, err := tf.GetStringValue("version_notes", tf.NewRawConfig(d)) if err != nil && !errors.Is(err, tf.ErrNotFound) { - return diag.FromErr(err) + return err } rulesUpdate, err := newRulesUpdate(rulesJSON, versionNotes) if err != nil { d.Partial(true) - return diag.FromErr(err) + return err } if err := updatePropertyRules(ctx, client, property, rulesUpdate, ruleFormat); err != nil { d.Partial(true) - return diag.FromErr(err) + return err } - return resourcePropertyRead(ctx, d, m) + return nil } func resourcePropertyDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { @@ -805,7 +844,13 @@ func resourcePropertyDelete(ctx context.Context, d *schema.ResourceData, m inter } propertyID = d.Id() contractID := str.AddPrefix(d.Get("contract_id").(string), "ctr_") - groupID := str.AddPrefix(d.Get("group_id").(string), "grp_") + + // If delete is a result of a name update, group id could have also been changed. + // To be safe, we need to take the "old" value. + oldGroupID, newGroupID := d.GetChange("group_id") + logger.Debugf("resourcePropertyDelete: old group id: %s, new group id: %s", + oldGroupID.(string), newGroupID.(string)) + groupID := str.AddPrefix(oldGroupID.(string), "grp_") if err := removeProperty(ctx, client, propertyID, groupID, contractID); err != nil { return diag.FromErr(err) diff --git a/pkg/providers/property/resource_akamai_property_activation.go b/pkg/providers/property/resource_akamai_property_activation.go index 93b78ea83..ddb5d1914 100644 --- a/pkg/providers/property/resource_akamai_property_activation.go +++ b/pkg/providers/property/resource_akamai_property_activation.go @@ -565,7 +565,7 @@ func resourcePropertyActivationUpdate(ctx context.Context, d *schema.ResourceDat ) if !d.HasChangesExcept("timeouts", "compliance_record") { - logger.Debug("Only timeouts and/or compliance_record were updated, update in-place") + logger.Debug("Only timeouts and/or compliance_record were updated, update with no API calls") return nil } diff --git a/pkg/providers/property/resource_akamai_property_bootstrap.go b/pkg/providers/property/resource_akamai_property_bootstrap.go index ec564dc40..87c2a204b 100644 --- a/pkg/providers/property/resource_akamai_property_bootstrap.go +++ b/pkg/providers/property/resource_akamai_property_bootstrap.go @@ -72,7 +72,6 @@ func (r *BootstrapResource) Schema(_ context.Context, _ resource.SchemaRequest, Description: "Group ID to be assigned to the Property", PlanModifiers: []planmodifier.String{ modifiers.StringUseStateIf(modifiers.EqualUpToPrefixFunc("grp_")), - modifiers.PreventStringUpdate(), }, }, "contract_id": schema.StringAttribute{ @@ -201,8 +200,51 @@ func (r *BootstrapResource) Read(ctx context.Context, req resource.ReadRequest, } } -// Update of group, contract, product is noop, it will return an error before invoking Update. Updating name will result in resource replacement -func (r *BootstrapResource) Update(_ context.Context, _ resource.UpdateRequest, _ *resource.UpdateResponse) { +// Update supports change for the following attributes: +// - `group_id` using a dedicated endpoint from the IAM API, +// - `name`, which results in resource replacement. +// Trying to update `contract_id` or `product_id` will result in an error. +func (r *BootstrapResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state BootstrapResourceModel + + resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + groupsDiffer, err := areGroupIDsDifferent(state.GroupID.ValueString(), plan.GroupID.ValueString()) + if err != nil { + resp.Diagnostics.AddError( + "Unable to Update Resource", + fmt.Sprintf("An error occurred while parsing the group ids: %s, %s. Error: %s", + state.GroupID.ValueString(), plan.GroupID.ValueString(), err.Error())) + return + } + + if groupsDiffer { + key := papiKey{ + propertyID: state.ID.ValueString(), + groupID: str.AddPrefix(state.GroupID.ValueString(), "grp_"), + contractID: str.AddPrefix(state.ContractID.ValueString(), "ctr_"), + } + dest := str.AddPrefix(plan.GroupID.ValueString(), "grp_") + + err := updateGroupID(ctx, Client(r.meta), IAMClient(r.meta), key, dest) + + if err != nil { + resp.Diagnostics.AddError( + "Unable to Update Resource", + "An error occurred while moving the property. Error: "+err.Error()) + return + } + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...) } // Delete implements resource's Delete method diff --git a/pkg/providers/property/resource_akamai_property_bootstrap_test.go b/pkg/providers/property/resource_akamai_property_bootstrap_test.go index 117380237..c2ec19d1f 100644 --- a/pkg/providers/property/resource_akamai_property_bootstrap_test.go +++ b/pkg/providers/property/resource_akamai_property_bootstrap_test.go @@ -6,6 +6,7 @@ import ( "strings" "testing" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/iam" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" "github.com/akamai/terraform-provider-akamai/v6/pkg/common/str" "github.com/akamai/terraform-provider-akamai/v6/pkg/common/testutils" @@ -139,16 +140,17 @@ func TestBootstrapResourceUpdate(t *testing.T) { tests := map[string]struct { configPathForCreate string configPathForUpdate string - init func(*testing.T, *papi.Mock, testDataForPropertyBootstrap) + init func(*testing.T, *papi.Mock, *iam.Mock, testDataForPropertyBootstrap) mockData testDataForPropertyBootstrap errorForCreate *regexp.Regexp errorForUpdate *regexp.Regexp + updateChecks resource.TestCheckFunc }{ "create and remove prefixes - no diff": { configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", configPathForUpdate: "testdata/TestResPropertyBootstrap/create_without_prefixes.tf", - init: func(t *testing.T, m *papi.Mock, data testDataForPropertyBootstrap) { - ExpectCreateProperty(m, data.name, data.groupID, data.contractID, data.productID, data.propertyID) + init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, data.propertyID) prp := &papi.Property{ ContractID: "ctr_2", GroupID: "grp_1", @@ -156,8 +158,8 @@ func TestBootstrapResourceUpdate(t *testing.T) { PropertyID: "prp_123", PropertyName: "property_name", } - ExpectGetProperty(m, data.propertyID, data.groupID, data.contractID, prp) - ExpectRemoveProperty(m, data.propertyID, data.contractID, data.groupID) + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp) + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, data.groupID) }, mockData: testDataForPropertyBootstrap{ propertyID: "prp_123", @@ -166,21 +168,75 @@ func TestBootstrapResourceUpdate(t *testing.T) { contractID: "ctr_2", productID: "prd_3", }, + updateChecks: checkPropertyBootstrapAttributes(testDataForPropertyBootstrap{ + propertyID: "prp_123", + name: "property_name", + groupID: "grp_1", + contractID: "ctr_2", + productID: "prd_3", + }), }, - "create and update group - error": { + "create and update group id": { configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", configPathForUpdate: "testdata/TestResPropertyBootstrap/update_group.tf", - init: func(t *testing.T, m *papi.Mock, data testDataForPropertyBootstrap) { - ExpectCreateProperty(m, data.name, data.groupID, data.contractID, data.productID, data.propertyID) + init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, + data.propertyID).Once() prp := &papi.Property{ + AssetID: "aid_55555", ContractID: "ctr_2", GroupID: "grp_1", ProductID: "prd_3", PropertyID: "prp_123", PropertyName: "property_name", } - ExpectGetProperty(m, data.propertyID, data.groupID, data.contractID, prp) - ExpectRemoveProperty(m, data.propertyID, data.contractID, data.groupID) + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp).Times(3) + + mockMoveProperty(iamMock, 55555, 1, 111) + + ExpectGetProperty(papiMock, data.propertyID, "grp_111", data.contractID, prp).Twice() + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, "grp_111") + }, + mockData: testDataForPropertyBootstrap{ + propertyID: "prp_123", + name: "property_name", + groupID: "grp_1", + contractID: "ctr_2", + productID: "prd_3", + }, + updateChecks: checkPropertyBootstrapAttributes(testDataForPropertyBootstrap{ + propertyID: "prp_123", + name: "property_name", + groupID: "grp_111", + contractID: "ctr_2", + productID: "prd_3", + }), + }, + "create and update name - resource replacement": { + configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", + configPathForUpdate: "testdata/TestResPropertyBootstrap/update_name.tf", + init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, + data.propertyID).Once() + prp := &papi.Property{ + AssetID: "aid_55555", + ContractID: "ctr_2", + GroupID: "grp_1", + ProductID: "prd_3", + PropertyID: "prp_123", + PropertyName: "property_name", + } + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp).Times(2) + + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, data.groupID).Once() + + ExpectCreateProperty(papiMock, "property_name2", data.groupID, data.contractID, data.productID, + data.propertyID).Once() + + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp).Once() + + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, data.groupID).Once() + }, mockData: testDataForPropertyBootstrap{ propertyID: "prp_123", @@ -189,13 +245,60 @@ func TestBootstrapResourceUpdate(t *testing.T) { contractID: "ctr_2", productID: "prd_3", }, - errorForUpdate: regexp.MustCompile("updating field `group_id` is not possible"), + updateChecks: checkPropertyBootstrapAttributes(testDataForPropertyBootstrap{ + propertyID: "prp_123", + name: "property_name2", + groupID: "grp_1", + contractID: "ctr_2", + productID: "prd_3", + }), + }, + "create and update name and group id - resource replacement": { + configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", + configPathForUpdate: "testdata/TestResPropertyBootstrap/update_name_and_group.tf", + init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, + data.propertyID).Once() + prp := &papi.Property{ + AssetID: "aid_55555", + ContractID: "ctr_2", + GroupID: "grp_1", + ProductID: "prd_3", + PropertyID: "prp_123", + PropertyName: "property_name", + } + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp).Times(2) + + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, data.groupID).Once() + + ExpectCreateProperty(papiMock, "property_name2", "grp_93", data.contractID, data.productID, + data.propertyID).Once() + + ExpectGetProperty(papiMock, data.propertyID, "grp_93", data.contractID, prp).Once() + + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, "grp_93").Once() + + }, + mockData: testDataForPropertyBootstrap{ + propertyID: "prp_123", + name: "property_name", + groupID: "grp_1", + contractID: "ctr_2", + productID: "prd_3", + }, + updateChecks: checkPropertyBootstrapAttributes(testDataForPropertyBootstrap{ + propertyID: "prp_123", + name: "property_name2", + groupID: "grp_93", + contractID: "ctr_2", + productID: "prd_3", + }), }, "create and update contract - error": { configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", configPathForUpdate: "testdata/TestResPropertyBootstrap/update_contract.tf", - init: func(t *testing.T, m *papi.Mock, data testDataForPropertyBootstrap) { - ExpectCreateProperty(m, data.name, data.groupID, data.contractID, data.productID, data.propertyID) + init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, data.propertyID) prp := &papi.Property{ ContractID: "ctr_2", GroupID: "grp_1", @@ -203,8 +306,8 @@ func TestBootstrapResourceUpdate(t *testing.T) { PropertyID: "prp_123", PropertyName: "property_name", } - ExpectGetProperty(m, data.propertyID, data.groupID, data.contractID, prp) - ExpectRemoveProperty(m, data.propertyID, data.contractID, data.groupID) + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp) + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, data.groupID) }, mockData: testDataForPropertyBootstrap{ propertyID: "prp_123", @@ -218,8 +321,8 @@ func TestBootstrapResourceUpdate(t *testing.T) { "create and update product - error": { configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", configPathForUpdate: "testdata/TestResPropertyBootstrap/update_product.tf", - init: func(t *testing.T, m *papi.Mock, data testDataForPropertyBootstrap) { - ExpectCreateProperty(m, data.name, data.groupID, data.contractID, data.productID, data.propertyID) + init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, data.propertyID) prp := &papi.Property{ ContractID: "ctr_2", GroupID: "grp_1", @@ -227,8 +330,8 @@ func TestBootstrapResourceUpdate(t *testing.T) { PropertyID: "prp_123", PropertyName: "property_name", } - ExpectGetProperty(m, data.propertyID, data.groupID, data.contractID, prp) - ExpectRemoveProperty(m, data.propertyID, data.contractID, data.groupID) + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp) + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, data.groupID) }, mockData: testDataForPropertyBootstrap{ propertyID: "prp_123", @@ -246,32 +349,34 @@ func TestBootstrapResourceUpdate(t *testing.T) { t.Run(name, func(t *testing.T) { t.Parallel() - m := &papi.Mock{} + papiMock := &papi.Mock{} + iamMock := &iam.Mock{} if test.init != nil { - test.init(t, m, test.mockData) + test.init(t, papiMock, iamMock, test.mockData) } - useClient(m, nil, func() { - resource.UnitTest(t, resource.TestCase{ - ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), - IsUnitTest: true, - Steps: []resource.TestStep{ - { - Config: testutils.LoadFixtureString(t, test.configPathForCreate), - Check: checkPropertyBootstrapAttributes(test.mockData), - ExpectError: test.errorForCreate, - }, - { - Config: testutils.LoadFixtureString(t, test.configPathForUpdate), - PlanOnly: true, - ExpectNonEmptyPlan: false, - ExpectError: test.errorForUpdate, + useClient(papiMock, nil, func() { + useIam(iamMock, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + IsUnitTest: true, + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, test.configPathForCreate), + Check: checkPropertyBootstrapAttributes(test.mockData), + ExpectError: test.errorForCreate, + }, + { + Config: testutils.LoadFixtureString(t, test.configPathForUpdate), + Check: test.updateChecks, + ExpectError: test.errorForUpdate, + }, }, - }, + }) }) }) - m.AssertExpectations(t) + papiMock.AssertExpectations(t) }) } } diff --git a/pkg/providers/property/resource_akamai_property_helpers_test.go b/pkg/providers/property/resource_akamai_property_helpers_test.go index 366a5d349..e6f43dffc 100644 --- a/pkg/providers/property/resource_akamai_property_helpers_test.go +++ b/pkg/providers/property/resource_akamai_property_helpers_test.go @@ -3,6 +3,7 @@ package property import ( "context" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/iam" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" "github.com/akamai/terraform-provider-akamai/v6/pkg/common/ptr" "github.com/stretchr/testify/mock" @@ -393,3 +394,91 @@ func updateRuleTreeWithVariablesStep0() *papi.RulesUpdate { }, }) } + +type mockPropertyData struct { + propertyName string + groupID string + contractID string + productID string + propertyID string + latestVersion int + assetID string + cnameFrom string + cnameTo string +} + +type mockProperty struct { + mockPropertyData + papiMock *papi.Mock +} + +func (p *mockProperty) mockCreateProperty() *mock.Call { + return ExpectCreateProperty(p.papiMock, p.propertyName, p.groupID, p.contractID, p.productID, p.propertyID) +} + +func (p *mockProperty) mockUpdatePropertyVersionHostnames() *mock.Call { + return ExpectUpdatePropertyVersionHostnames(p.papiMock, p.propertyID, p.groupID, p.contractID, p.latestVersion, + []papi.Hostname{{ + CnameType: "EDGE_HOSTNAME", + CnameFrom: p.cnameFrom, + CnameTo: p.cnameTo, + CertProvisioningType: "DEFAULT", + }}, nil) +} + +func (p *mockProperty) mockGetProperty() *mock.Call { + return ExpectGetProperty(p.papiMock, p.propertyID, p.groupID, p.contractID, &papi.Property{ + PropertyName: p.propertyName, + GroupID: p.groupID, + ContractID: p.contractID, + ProductID: p.productID, + PropertyID: p.propertyID, + LatestVersion: p.latestVersion, + AssetID: p.assetID, + }) +} + +func (p *mockProperty) mockGetPropertyVersionHostnames() *mock.Call { + return ExpectGetPropertyVersionHostnames(p.papiMock, p.propertyID, p.groupID, p.contractID, p.latestVersion, &[]papi.Hostname{{ + CnameType: "EDGE_HOSTNAME", + CnameFrom: p.cnameFrom, + CnameTo: p.cnameTo, + CertProvisioningType: "DEFAULT", + }}) +} + +func (p *mockProperty) mockGetRuleTree() *mock.Call { + ruleFormat := "" + return ExpectGetRuleTree(p.papiMock, p.propertyID, p.groupID, p.contractID, p.latestVersion, nil, &ruleFormat, nil, nil) +} + +func (p *mockProperty) mockGetPropertyVersion() *mock.Call { + return ExpectGetPropertyVersion(p.papiMock, p.propertyID, p.groupID, p.contractID, p.latestVersion, papi.VersionStatusInactive, + papi.VersionStatusInactive) +} + +func (p *mockProperty) mockRemoveProperty() *mock.Call { + return ExpectRemoveProperty(p.papiMock, p.propertyID, p.contractID, p.groupID) +} + +func mockResourcePropertyCreate(p *mockProperty) { + p.mockCreateProperty().Once() + p.mockUpdatePropertyVersionHostnames().Once() + mockResourcePropertyRead(p) +} + +func mockResourcePropertyRead(p *mockProperty) { + p.mockGetProperty().Once() + p.mockGetPropertyVersionHostnames().Once() + p.mockGetRuleTree().Once() + p.mockGetPropertyVersion().Once() +} + +func mockMoveProperty(iamMock *iam.Mock, propertyID, srcGroupID, destGroupID int64) { + iamMock.On("MoveProperty", AnyCTX, iam.MovePropertyRequest{ + PropertyID: propertyID, + BodyParams: iam.MovePropertyReqBody{ + DestinationGroupID: destGroupID, + SourceGroupID: srcGroupID, + }}).Return(nil) +} diff --git a/pkg/providers/property/resource_akamai_property_include_activation.go b/pkg/providers/property/resource_akamai_property_include_activation.go index b9b7be2aa..c62fc76f7 100644 --- a/pkg/providers/property/resource_akamai_property_include_activation.go +++ b/pkg/providers/property/resource_akamai_property_include_activation.go @@ -143,7 +143,7 @@ func readTimeoutFromEnvOrDefault(name string, timeout time.Duration) *time.Durat timeout = time.Minute * time.Duration(n) } } - logger.Infof("using activation timeout value of %d minutes", timeout/time.Minute) + logger.Debugf("using activation timeout value of %s", timeout) return &timeout } @@ -229,7 +229,7 @@ func resourcePropertyIncludeActivationUpdate(ctx context.Context, d *schema.Reso logger.Debug("Updating property include activation") if !d.HasChangesExcept("timeouts", "compliance_record") { - logger.Debug("Only timeouts and/or compliance_record were updated, update in-place") + logger.Debug("Only timeouts and/or compliance_record were updated, update with no API calls") return nil } diff --git a/pkg/providers/property/resource_akamai_property_test.go b/pkg/providers/property/resource_akamai_property_test.go index 7e9565127..09077f696 100644 --- a/pkg/providers/property/resource_akamai_property_test.go +++ b/pkg/providers/property/resource_akamai_property_test.go @@ -10,6 +10,7 @@ import ( "strings" "testing" + "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/iam" "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" "github.com/akamai/terraform-provider-akamai/v6/pkg/common/ptr" "github.com/akamai/terraform-provider-akamai/v6/pkg/common/testutils" @@ -949,6 +950,7 @@ func TestResProperty(t *testing.T) { // Test Lifecycle + // In the tests below update for hostnames is triggered t.Run("Lifecycle: create with propertyID", assertLifecycle(t, t.Name(), "with-propertyID", withPropertyID)) t.Run("Lifecycle: latest version is not active (normal)", assertLifecycle(t, t.Name(), "normal", latestVersionNotActive)) t.Run("Lifecycle: latest version is active in staging (normal)", assertLifecycle(t, t.Name(), "normal", latestVersionActiveInStaging)) @@ -964,12 +966,22 @@ func TestResProperty(t *testing.T) { t.Run("Lifecycle: latest version is not active (product_id without prefix)", assertLifecycle(t, t.Name(), "product_id without prefix", latestVersionNotActive)) t.Run("Lifecycle: latest version is active in staging (product_id without prefix)", assertLifecycle(t, t.Name(), "product_id without prefix", latestVersionActiveInStaging)) t.Run("Lifecycle: latest version is active in production (product_id without prefix)", assertLifecycle(t, t.Name(), "product_id without prefix", latestVersionActiveInProd)) + t.Run("Lifecycle: no diff", assertLifecycle(t, t.Name(), "no diff", noDiff)) t.Run("Lifecycle: diff cpCode", assertLifecycle(t, t.Name(), "rules diff cpcode", diffCPCode)) + + // Update for rules t.Run("Lifecycle: rules custom diff", assertLifecycle(t, t.Name(), "rules custom diff", rulesCustomDiff)) + t.Run("Lifecycle: no diff for hostnames (hostnames)", assertLifecycle(t, t.Name(), "hostnames", noDiffForHostnames)) + + // Update for hostnames t.Run("Lifecycle: new version changed on server", assertLifecycle(t, t.Name(), "new version changed on server", changesMadeOutsideOfTerraform)) + + // Update for rules t.Run("Lifecycle: rules with variables", assertLifecycle(t, t.Name(), "rules with variables", variablesInRuleTree)) + + // Update for hostnames t.Run("Lifecycle: Verify staging_version and production_version known at plan", assertLifecycle(t, t.Name(), "normal", stagingAndProductionVersionKnownAtPlan)) // Test Import @@ -1571,6 +1583,7 @@ func TestResProperty(t *testing.T) { }, nil).Once() } + // Update for hostnames and rules t.Run("400 from UpdatePropertyVersionHostnames - incorrect/invalid edge hostname", func(t *testing.T) { client := &papi.Mock{} client.Test(T{t}) @@ -1716,6 +1729,166 @@ func TestResProperty(t *testing.T) { }) } +func TestGroupIDUpdate(t *testing.T) { + baseData := mockPropertyData{ + propertyName: "dummy_name", + groupID: "grp_1", + contractID: "ctr_2", + productID: "prd_3", + propertyID: "prp_12345", + latestVersion: 1, + assetID: "aid_55555", + cnameFrom: "from.test.domain", + cnameTo: "to.test.domain", + } + + baseCheckName := resource.TestCheckResourceAttr("akamai_property.test", "name", "dummy_name") + baseCheckGroupID := resource.TestCheckResourceAttr("akamai_property.test", "group_id", "grp_1") + baseCheckCnameFrom := resource.TestCheckResourceAttr("akamai_property.test", "hostnames.0.cname_from", "from.test.domain") + + commonBaseChecks := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_property.test", "contract_id", "ctr_2"), + resource.TestCheckResourceAttr("akamai_property.test", "product_id", "prd_3"), + resource.TestCheckResourceAttr("akamai_property.test", "hostnames.0.cname_to", "to.test.domain"), + resource.TestCheckResourceAttr("akamai_property.test", "hostnames.0.cert_provisioning_type", "DEFAULT")) + + tests := map[string]struct { + init func(*testing.T, *mockProperty, *iam.Mock) + configPathForUpdate string + updateChecks resource.TestCheckFunc + }{ + "update group id - in place": { + init: func(t *testing.T, p *mockProperty, iamMock *iam.Mock) { + mockResourcePropertyCreate(p) + // refresh + mockResourcePropertyRead(p) + // second refresh + mockResourcePropertyRead(p) + + // moving the property + // readout for obtaining assetID + p.mockGetProperty().Once() + mockMoveProperty(iamMock, 55555, 1, 111) + p.groupID = "grp_111" + // waiting for new groupID + p.mockGetProperty().Once() + // final read from the update function + mockResourcePropertyRead(p) + + // refresh + mockResourcePropertyRead(p) + p.mockRemoveProperty().Once() + }, + + configPathForUpdate: "testdata/TestGroupIDUpdate/update_group_id.tf", + + updateChecks: resource.ComposeTestCheckFunc( + baseCheckName, + resource.TestCheckResourceAttr("akamai_property.test", "group_id", "grp_111"), + baseCheckCnameFrom, + commonBaseChecks), + }, + "update group id and hostnames - in place": { + init: func(t *testing.T, p *mockProperty, iamMock *iam.Mock) { + mockResourcePropertyCreate(p) + // refresh + mockResourcePropertyRead(p) + // second refresh + mockResourcePropertyRead(p) + + // moving the property + // readout for obtaining assetID + p.mockGetProperty().Once() + mockMoveProperty(iamMock, 55555, 1, 111) + p.groupID = "grp_111" + // waiting for new groupID + p.mockGetProperty().Once() + // readout for general version calculations + p.mockGetPropertyVersion().Once() + // change in hostnames detected + p.cnameFrom = "from2.test.domain" + p.mockUpdatePropertyVersionHostnames().Once() + // final read from the update function + mockResourcePropertyRead(p) + + // refresh + mockResourcePropertyRead(p) + p.mockRemoveProperty().Once() + }, + + configPathForUpdate: "testdata/TestGroupIDUpdate/update_group_id_and_hostnames.tf", + + updateChecks: resource.ComposeTestCheckFunc( + baseCheckName, + resource.TestCheckResourceAttr("akamai_property.test", "group_id", "grp_111"), + resource.TestCheckResourceAttr("akamai_property.test", "hostnames.0.cname_from", "from2.test.domain"), + commonBaseChecks), + }, + "update group id and name - recreate": { + init: func(t *testing.T, p *mockProperty, iamMock *iam.Mock) { + mockResourcePropertyCreate(p) + // refresh + mockResourcePropertyRead(p) + // second refresh + mockResourcePropertyRead(p) + p.mockRemoveProperty().Once() + + // recreate the resource + p.propertyName = "dummy_name2" + p.groupID = "grp_111" + mockResourcePropertyCreate(p) + // refresh + mockResourcePropertyRead(p) + p.mockRemoveProperty().Once() + }, + + configPathForUpdate: "testdata/TestGroupIDUpdate/update_group_id_and_name.tf", + + updateChecks: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_property.test", "name", "dummy_name2"), + resource.TestCheckResourceAttr("akamai_property.test", "group_id", "grp_111"), + baseCheckCnameFrom, + commonBaseChecks), + }, + } + for name, test := range tests { + t.Run(name, func(t *testing.T) { + papiMock := &papi.Mock{} + iamMock := &iam.Mock{} + mp := mockProperty{ + papiMock: papiMock, + mockPropertyData: baseData, + } + test.init(t, &mp, iamMock) + + useClient(papiMock, nil, func() { + useIam(iamMock, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestGroupIDUpdate/base.tf"), + Check: resource.ComposeTestCheckFunc( + baseCheckName, + baseCheckGroupID, + baseCheckCnameFrom, + commonBaseChecks), + }, + { + Config: testutils.LoadFixtureString(t, test.configPathForUpdate), + Check: test.updateChecks, + }, + }, + }) + }) + }) + + papiMock.AssertExpectations(t) + iamMock.AssertExpectations(t) + }) + } +} + func TestPropertyResource_versionNotesLifecycle(t *testing.T) { testdataDir := "testdata/TestResProperty/Lifecycle/versionNotes" resourceName := "akamai_property.test" diff --git a/pkg/providers/property/testdata/TestGroupIDUpdate/base.tf b/pkg/providers/property/testdata/TestGroupIDUpdate/base.tf new file mode 100644 index 000000000..bac35d9dd --- /dev/null +++ b/pkg/providers/property/testdata/TestGroupIDUpdate/base.tf @@ -0,0 +1,16 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +resource "akamai_property" "test" { + name = "dummy_name" + group_id = "grp_1" + contract_id = "ctr_2" + product_id = "prd_3" + + hostnames { + cname_to = "to.test.domain" + cname_from = "from.test.domain" + cert_provisioning_type = "DEFAULT" + } +} diff --git a/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id.tf b/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id.tf new file mode 100644 index 000000000..cbeecc21a --- /dev/null +++ b/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id.tf @@ -0,0 +1,16 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +resource "akamai_property" "test" { + name = "dummy_name" + group_id = "grp_111" + contract_id = "ctr_2" + product_id = "prd_3" + + hostnames { + cname_to = "to.test.domain" + cname_from = "from.test.domain" + cert_provisioning_type = "DEFAULT" + } +} diff --git a/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_hostnames.tf b/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_hostnames.tf new file mode 100644 index 000000000..23c4c011a --- /dev/null +++ b/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_hostnames.tf @@ -0,0 +1,16 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +resource "akamai_property" "test" { + name = "dummy_name" + group_id = "grp_111" + contract_id = "ctr_2" + product_id = "prd_3" + + hostnames { + cname_to = "to.test.domain" + cname_from = "from2.test.domain" + cert_provisioning_type = "DEFAULT" + } +} diff --git a/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_name.tf b/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_name.tf new file mode 100644 index 000000000..6284d91f5 --- /dev/null +++ b/pkg/providers/property/testdata/TestGroupIDUpdate/update_group_id_and_name.tf @@ -0,0 +1,16 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +resource "akamai_property" "test" { + name = "dummy_name2" + group_id = "grp_111" + contract_id = "ctr_2" + product_id = "prd_3" + + hostnames { + cname_to = "to.test.domain" + cname_from = "from.test.domain" + cert_provisioning_type = "DEFAULT" + } +} diff --git a/pkg/providers/property/testdata/TestResPropertyBootstrap/update_name.tf b/pkg/providers/property/testdata/TestResPropertyBootstrap/update_name.tf new file mode 100644 index 000000000..25054a5f6 --- /dev/null +++ b/pkg/providers/property/testdata/TestResPropertyBootstrap/update_name.tf @@ -0,0 +1,10 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +resource "akamai_property_bootstrap" "test" { + name = "property_name2" + group_id = "grp_1" + contract_id = "ctr_2" + product_id = "prd_3" +} \ No newline at end of file diff --git a/pkg/providers/property/testdata/TestResPropertyBootstrap/update_name_and_group.tf b/pkg/providers/property/testdata/TestResPropertyBootstrap/update_name_and_group.tf new file mode 100644 index 000000000..f50fd989e --- /dev/null +++ b/pkg/providers/property/testdata/TestResPropertyBootstrap/update_name_and_group.tf @@ -0,0 +1,10 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" +} + +resource "akamai_property_bootstrap" "test" { + name = "property_name2" + group_id = "grp_93" + contract_id = "ctr_2" + product_id = "prd_3" +} \ No newline at end of file From a57b5f3ef75e71c0f51926617e26e06c4c2eac7c Mon Sep 17 00:00:00 2001 From: Chaitanya Sanjay Bhangale Date: Tue, 30 Jul 2024 14:16:38 +0000 Subject: [PATCH 09/17] SECKSD-24636 Fixed issue where network_list_activations not triggering activation after network list change --- CHANGELOG.md | 3 +- ...resource_akamai_networklist_activations.go | 10 ----- ...rce_akamai_networklist_activations_test.go | 38 ++++++------------- .../TestResActivations/update_by_id.tf | 2 +- 4 files changed, 14 insertions(+), 39 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index afa7920b9..516c592f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -65,7 +65,8 @@ - +* Appsec + * Fixed issue where activation was not triggered after network list change in `resource_akamai_networklist_activations` resource [I#518](https://github.com/akamai/terraform-provider-akamai/issues/518) diff --git a/pkg/providers/networklists/resource_akamai_networklist_activations.go b/pkg/providers/networklists/resource_akamai_networklist_activations.go index 8a3f6054c..804e6eca8 100644 --- a/pkg/providers/networklists/resource_akamai_networklist_activations.go +++ b/pkg/providers/networklists/resource_akamai_networklist_activations.go @@ -196,16 +196,6 @@ func resourceActivationsRead(ctx context.Context, d *schema.ResourceData, m inte return diag.FromErr(err) } - // Get the current syncpoint of this network list, which may have changed since this activation was created. - networkListID := getResponse.NetworkList.UniqueID - networklist, err := client.GetNetworkList(ctx, networklists.GetNetworkListRequest{UniqueID: networkListID}) - if err != nil { - return diag.FromErr(err) - } - - if err = d.Set("sync_point", networklist.SyncPoint); err != nil { - return diag.FromErr(err) - } d.SetId(strconv.Itoa(getResponse.ActivationID)) return nil diff --git a/pkg/providers/networklists/resource_akamai_networklist_activations_test.go b/pkg/providers/networklists/resource_akamai_networklist_activations_test.go index fe8cdbe17..6321fe0f9 100644 --- a/pkg/providers/networklists/resource_akamai_networklist_activations_test.go +++ b/pkg/providers/networklists/resource_akamai_networklist_activations_test.go @@ -32,7 +32,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { require.NoError(t, err) client.On("CreateActivations", - mock.Anything, // ctx is irrelevant for this test + mock.Anything, networklists.CreateActivationsRequest{UniqueID: "86093_AGEOLIST", Action: "ACTIVATE", Network: "STAGING", Comments: "Test Notes", NotificationRecipients: []string{"user@example.com"}}, ).Return(&cr, nil) @@ -41,11 +41,6 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { networklists.GetActivationRequest{ActivationID: 547694}, ).Return(&ar, nil) - client.On("GetNetworkList", - mock.Anything, - networklists.GetNetworkListRequest{UniqueID: "86093_AGEOLIST"}, - ).Return(&networklists.GetNetworkListResponse{SyncPoint: 0}, nil) - client.On("CreateActivations", mock.Anything, // ctx is irrelevant for this test networklists.CreateActivationsRequest{UniqueID: "86093_AGEOLIST", Action: "ACTIVATE", Network: "PRODUCTION", Comments: "Test Notes Updated", NotificationRecipients: []string{"user@example.com"}}, @@ -63,6 +58,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "STAGING"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, { @@ -72,6 +68,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "PRODUCTION"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes Updated"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "1"), ), }, }, @@ -110,11 +107,6 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { networklists.GetActivationRequest{ActivationID: 547694}, ).Return(&ar, nil) - client.On("GetNetworkList", - mock.Anything, - networklists.GetNetworkListRequest{UniqueID: "86093_AGEOLIST"}, - ).Return(&networklists.GetNetworkListResponse{SyncPoint: 0}, nil) - // update only note field change suppressed useClient(client, func() { @@ -129,6 +121,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "STAGING"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, { @@ -138,6 +131,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "STAGING"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, }, @@ -177,13 +171,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { networklists.GetActivationRequest{ActivationID: 547694}, ).Return(&ar, nil) - client.On("GetNetworkList", - mock.Anything, - networklists.GetNetworkListRequest{UniqueID: "86093_AGEOLIST"}, - ).Return(&networklists.GetNetworkListResponse{SyncPoint: 0}, nil) - // Verify notification_emails field change is suppressed when nothing else changes - useClient(client, func() { resource.Test(t, resource.TestCase{ IsUnitTest: true, @@ -196,6 +184,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "STAGING"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, { @@ -206,6 +195,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), // Even when notification_emails changes, there is nothing to update resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, }, @@ -245,11 +235,6 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { networklists.GetActivationRequest{ActivationID: 547694}, ).Return(&ar, nil) - client.On("GetNetworkList", - mock.Anything, - networklists.GetNetworkListRequest{UniqueID: "86093_AGEOLIST"}, - ).Return(&networklists.GetNetworkListResponse{SyncPoint: 0}, nil) - client.On("CreateActivations", mock.Anything, // ctx is irrelevant for this test networklists.CreateActivationsRequest{UniqueID: "86093_AGEOLIST", Action: "ACTIVATE", Network: "PRODUCTION", Comments: "Test Notes", NotificationRecipients: []string{"user1@example.com"}}, @@ -269,6 +254,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "STAGING"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, { @@ -279,6 +265,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), // Since network and notification_emails changes, there is an update to the notification_emails resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user1@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, }, @@ -322,11 +309,6 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { networklists.GetActivationRequest{ActivationID: 547694}, ).Return(&ar, nil) - client.On("GetNetworkList", - mock.Anything, - networklists.GetNetworkListRequest{UniqueID: "86093_AGEOLIST"}, - ).Return(&networklists.GetNetworkListResponse{SyncPoint: 0}, nil) - client.On("CreateActivations", mock.Anything, networklists.CreateActivationsRequest{UniqueID: "86093_AGEOLIST", Action: "ACTIVATE", Network: "PRODUCTION", Comments: "Test Notes Updated", NotificationRecipients: []string{"user@example.com"}}, @@ -344,6 +326,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "STAGING"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "0"), ), }, { @@ -353,6 +336,7 @@ func TestAccAkamaiActivations_res_basic(t *testing.T) { resource.TestCheckResourceAttr("akamai_networklist_activations.test", "network", "PRODUCTION"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notes", "Test Notes Updated"), resource.TestCheckResourceAttr("akamai_networklist_activations.test", "notification_emails.0", "user@example.com"), + resource.TestCheckResourceAttr("akamai_networklist_activations.test", "sync_point", "1"), ), }, }, diff --git a/pkg/providers/networklists/testdata/TestResActivations/update_by_id.tf b/pkg/providers/networklists/testdata/TestResActivations/update_by_id.tf index b60ac9352..6d6fd68c4 100644 --- a/pkg/providers/networklists/testdata/TestResActivations/update_by_id.tf +++ b/pkg/providers/networklists/testdata/TestResActivations/update_by_id.tf @@ -7,6 +7,6 @@ resource "akamai_networklist_activations" "test" { network = "PRODUCTION" notes = "Test Notes Updated" notification_emails = ["user@example.com"] - sync_point = 0 + sync_point = 1 } From caeaf008e113820319c5a768bfc4deea4ce39acc Mon Sep 17 00:00:00 2001 From: Shubham Kabra Date: Thu, 1 Aug 2024 13:02:49 +0000 Subject: [PATCH 10/17] SECKSD-25367 Fixed `terraform import akamai_appsec_match_target` for newly created security configuration or any security configuration not synced in the terraform state --- CHANGELOG.md | 2 + .../resource_akamai_appsec_match_target.go | 56 ++++++++++++++++- ...esource_akamai_appsec_match_target_test.go | 60 +++++++++++++++++++ 3 files changed, 117 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 516c592f7..ad65d205b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -63,6 +63,8 @@ #### BUG FIXES: +* Appsec + * Fixed import of `akamai_appsec_match_target` for newly created security configuration or any security configuration not synced in the terraform state [I#546](https://github.com/akamai/terraform-provider-akamai/issues/546)) * Appsec diff --git a/pkg/providers/appsec/resource_akamai_appsec_match_target.go b/pkg/providers/appsec/resource_akamai_appsec_match_target.go index 33b4803de..9f703002a 100644 --- a/pkg/providers/appsec/resource_akamai_appsec_match_target.go +++ b/pkg/providers/appsec/resource_akamai_appsec_match_target.go @@ -30,7 +30,7 @@ func resourceMatchTarget() *schema.Resource { VerifyIDUnchanged, ), Importer: &schema.ResourceImporter{ - StateContext: schema.ImportStatePassthroughContext, + StateContext: resourceMatchTargetImport, }, Schema: map[string]*schema.Schema{ "config_id": { @@ -153,6 +153,60 @@ func resourceMatchTargetRead(ctx context.Context, d *schema.ResourceData, m inte return nil } +func resourceMatchTargetImport(ctx context.Context, d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + meta := meta.Must(m) + client := inst.Client(meta) + logger := meta.Log("APPSEC", "resourceMatchTargetImport") + logger.Debugf("in resourceMatchTargetImport") + + iDParts, err := splitID(d.Id(), 2, "configID:matchTargetID") + if err != nil { + return nil, err + } + + configID, err := strconv.Atoi(iDParts[0]) + if err != nil { + return nil, err + } + version, err := getLatestConfigVersion(ctx, configID, m) + if err != nil { + return nil, err + } + targetID, err := strconv.Atoi(iDParts[1]) + if err != nil { + return nil, err + } + + getMatchTarget := appsec.GetMatchTargetRequest{ + ConfigID: configID, + ConfigVersion: version, + TargetID: targetID, + } + + matchtarget, err := client.GetMatchTarget(ctx, getMatchTarget) + if err != nil { + logger.Errorf("calling 'getMatchTarget': %s", err.Error()) + return nil, err + } + + jsonBody, err := json.Marshal(matchtarget) + if err != nil { + return nil, err + } + if err := d.Set("config_id", configID); err != nil { + return nil, err + } + if err := d.Set("match_target", string(jsonBody)); err != nil { + return nil, err + } + if err := d.Set("match_target_id", matchtarget.TargetID); err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil + +} + func resourceMatchTargetUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { meta := meta.Must(m) client := inst.Client(meta) diff --git a/pkg/providers/appsec/resource_akamai_appsec_match_target_test.go b/pkg/providers/appsec/resource_akamai_appsec_match_target_test.go index c2c931834..301a3e643 100644 --- a/pkg/providers/appsec/resource_akamai_appsec_match_target_test.go +++ b/pkg/providers/appsec/resource_akamai_appsec_match_target_test.go @@ -228,6 +228,66 @@ func TestAkamaiMatchTarget_res_basic(t *testing.T) { client.AssertExpectations(t) }) + t.Run("Import match target resource", func(t *testing.T) { + client := &appsec.Mock{} + getMatchTargetResponse := appsec.GetMatchTargetResponse{} + err := json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestResMatchTarget/MatchTargetSequenceChanged.json"), &getMatchTargetResponse) + require.NoError(t, err) + + createMatchTargetResponse := appsec.CreateMatchTargetResponse{} + err = json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestResMatchTarget/MatchTargetCreated.json"), &createMatchTargetResponse) + require.NoError(t, err) + + removeMatchTargetResponse := appsec.RemoveMatchTargetResponse{} + err = json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestResMatchTarget/MatchTargetCreated.json"), &removeMatchTargetResponse) + require.NoError(t, err) + + config := appsec.GetConfigurationResponse{} + err = json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestResConfiguration/LatestConfiguration.json"), &config) + require.NoError(t, err) + + client.On("GetConfiguration", + mock.Anything, + appsec.GetConfigurationRequest{ConfigID: 43253}, + ).Return(&config, nil) + + client.On("GetMatchTarget", + mock.Anything, + appsec.GetMatchTargetRequest{ConfigID: 43253, ConfigVersion: 7, TargetID: 3008967}, + ).Return(&getMatchTargetResponse, nil) + + createMatchTargetJSON := testutils.LoadFixtureBytes(t, "testdata/TestResMatchTarget/CreateMatchTarget.json") + client.On("CreateMatchTarget", + mock.Anything, + appsec.CreateMatchTargetRequest{ConfigID: 43253, ConfigVersion: 7, JsonPayloadRaw: createMatchTargetJSON}, + ).Return(&createMatchTargetResponse, nil) + + client.On("RemoveMatchTarget", + mock.Anything, + appsec.RemoveMatchTargetRequest{ConfigID: 43253, ConfigVersion: 7, TargetID: 3008967}, + ).Return(&removeMatchTargetResponse, nil) + + useClient(client, func() { + resource.Test(t, resource.TestCase{ + IsUnitTest: true, + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestResMatchTarget/match_by_id.tf"), + }, + { + ImportState: true, + ImportStateVerify: true, + ImportStateId: "43253:3008967", + ResourceName: "akamai_appsec_match_target.test", + }, + }, + }) + }) + + client.AssertExpectations(t) + }) + } func compactJSON(message string) string { From f02a3e4f1d1dfa3b7630bf01097f19a19284cbad Mon Sep 17 00:00:00 2001 From: Praveen Sathyesh Venkata Rao Date: Mon, 12 Aug 2024 13:13:21 +0000 Subject: [PATCH 11/17] SECKSD-25652 Added override for requestbody at policy level --- CHANGELOG.md | 2 + ...i_appsec_advanced_settings_request_body.go | 23 +++- ...sec_advanced_settings_request_body_test.go | 2 +- ...i_appsec_advanced_settings_request_body.go | 37 +++++- ...sec_advanced_settings_request_body_test.go | 111 +++++++++++++----- pkg/providers/appsec/templates.go | 5 +- .../AdvancedSettingsRequestBodyPolicy.json | 4 + .../ExportConfiguration.json | 4 + .../AdvancedSettingsRequestBody32.json | 4 + .../AdvancedSettingsRequestBodyDisabled.json | 4 + .../AdvancedSettingsRequestBodyPolicy.json | 4 + .../update_by_policy_32.tf | 11 ++ .../update_by_policy_id.tf | 7 +- .../update_by_policy_id_disable.tf | 11 ++ 14 files changed, 186 insertions(+), 43 deletions(-) create mode 100644 pkg/providers/appsec/testdata/TestDSAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json create mode 100644 pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody32.json create mode 100644 pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json create mode 100644 pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json create mode 100644 pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_32.tf create mode 100644 pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id_disable.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index ad65d205b..87cefdb7a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ #### FEATURES/ENHANCEMENTS: +* Appsec + * Added `request_body_inspection_limit_override` field to `akamai_appsec_advanced_settings_request_body` resource * Global diff --git a/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body.go b/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body.go index f094c431a..15f830de1 100644 --- a/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body.go +++ b/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body.go @@ -74,12 +74,23 @@ func dataSourceAdvancedSettingsRequestBodyRead(ctx context.Context, d *schema.Re ots := OutputTemplates{} InitTemplates(ots) - outputText, err := RenderTemplates(ots, "advancedSettingsRequestBodyDS", advancedSettingsRequestBody) - if err != nil { - return diag.FromErr(err) - } - if err := d.Set("output_text", outputText); err != nil { - return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) + if policyID != "" { + outputText, err := RenderTemplates(ots, "advancedSettingsRequestBodyPolicyDS", advancedSettingsRequestBody) + if err != nil { + return diag.FromErr(err) + } + if err := d.Set("output_text", outputText); err != nil { + return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) + } + + } else { + outputText, err := RenderTemplates(ots, "advancedSettingsRequestBodyDS", advancedSettingsRequestBody) + if err != nil { + return diag.FromErr(err) + } + if err := d.Set("output_text", outputText); err != nil { + return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) + } } jsonBody, err := json.Marshal(advancedSettingsRequestBody) diff --git a/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body_test.go b/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body_test.go index 8ad47ce50..6d8a3b28c 100644 --- a/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body_test.go +++ b/pkg/providers/appsec/data_akamai_appsec_advanced_settings_request_body_test.go @@ -67,7 +67,7 @@ func TestAkamaiAdvancedSettingsRequestBodyDataBasicPolicyID(t *testing.T) { ).Return(&config, nil) getRequestBodyResponse := appsec.GetAdvancedSettingsRequestBodyResponse{} - err = json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestDSAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json"), &getRequestBodyResponse) + err = json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestDSAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json"), &getRequestBodyResponse) require.NoError(t, err) client.On("GetAdvancedSettingsRequestBody", diff --git a/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body.go b/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body.go index 16fcae98d..76d685985 100644 --- a/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body.go +++ b/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body.go @@ -43,6 +43,12 @@ func resourceAdvancedSettingsRequestBody() *schema.Resource { Required: true, Description: "Request body inspection size limit in KB allowed values are 'default', 8, 16, 32", }, + "request_body_inspection_limit_override": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Indicates if the Request body inspection size should be overridden at policy", + }, }, } } @@ -103,6 +109,11 @@ func resourceAdvancedSettingsRequestBodyImport(ctx context.Context, d *schema.Re if err := d.Set("request_body_inspection_limit", advancedSettingsRequestBody.RequestBodyInspectionLimitInKB); err != nil { return nil, err } + if getAdvancedSettingsRequestBody.PolicyID != "" { + if err := d.Set("request_body_inspection_limit_override", advancedSettingsRequestBody.RequestBodyInspectionLimitOverride); err != nil { + return nil, err + } + } return []*schema.ResourceData{d}, nil } @@ -136,12 +147,20 @@ func upsertAdvancedSettingsRequestBody(ctx context.Context, d *schema.ResourceDa return diag.FromErr(err) } - _, err = client.UpdateAdvancedSettingsRequestBody(ctx, appsec.UpdateAdvancedSettingsRequestBodyRequest{ + req := appsec.UpdateAdvancedSettingsRequestBodyRequest{ ConfigID: configID, Version: version, PolicyID: policyID, RequestBodyInspectionLimitInKB: appsec.RequestBodySizeLimit(requestBodyInspectionLimitInKB), - }) + } + if policyID != "" { + override, err := tf.GetBoolValue("request_body_inspection_limit_override", d) + if err != nil { + return diag.FromErr(err) + } + req.RequestBodyInspectionLimitOverride = override + } + _, err = client.UpdateAdvancedSettingsRequestBody(ctx, req) if err != nil { return diag.FromErr(err) } @@ -189,6 +208,11 @@ func resourceAdvancedSettingsRequestBodyRead(ctx context.Context, d *schema.Reso return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) } + if policyID != "" { + if err := d.Set("request_body_inspection_limit_override", advancedSettingsRequestBody.RequestBodyInspectionLimitOverride); err != nil { + return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) + } + } return nil } @@ -219,16 +243,21 @@ func resourceAdvancedSettingsRequestBodyDelete(ctx context.Context, d *schema.Re return diag.FromErr(err) } - removeAdvancedSettingsRequestBody := appsec.RemoveAdvancedSettingsRequestBodyRequest{ + req := appsec.RemoveAdvancedSettingsRequestBodyRequest{ ConfigID: configID, Version: version, PolicyID: policyID, RequestBodyInspectionLimitInKB: appsec.Default, } - _, err = client.RemoveAdvancedSettingsRequestBody(ctx, removeAdvancedSettingsRequestBody) + if policyID != "" { + req.RequestBodyInspectionLimitOverride = false + } + + _, err = client.RemoveAdvancedSettingsRequestBody(ctx, req) if err != nil { return diag.FromErr(err) } + d.SetId("") return nil } diff --git a/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body_test.go b/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body_test.go index df61f36fc..55a1effd5 100644 --- a/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body_test.go +++ b/pkg/providers/appsec/resource_akamai_appsec_advanced_settings_request_body_test.go @@ -26,9 +26,9 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { return configResponse } - requestBodyRead = func(t *testing.T, configId int, version int, policyId string, client *appsec.Mock, numberOfTimes int) { + requestBodyRead = func(t *testing.T, configId int, version int, policyId string, client *appsec.Mock, numberOfTimes int, filePath string) { requestBodyResponse := appsec.GetAdvancedSettingsRequestBodyResponse{} - err := json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json"), &requestBodyResponse) + err := json.Unmarshal(testutils.LoadFixtureBytes(t, filePath), &requestBodyResponse) require.NoError(t, err) client.On("GetAdvancedSettingsRequestBody", @@ -38,9 +38,9 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { } - updateRequestBody = func(t *testing.T, updateRequestBody appsec.UpdateAdvancedSettingsRequestBodyRequest, client *appsec.Mock, numberOfTimes int) { + updateRequestBody = func(t *testing.T, updateRequestBody appsec.UpdateAdvancedSettingsRequestBodyRequest, client *appsec.Mock, numberOfTimes int, filePath string) { updateRequestBodyResponse := appsec.UpdateAdvancedSettingsRequestBodyResponse{} - err := json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json"), &updateRequestBodyResponse) + err := json.Unmarshal(testutils.LoadFixtureBytes(t, filePath), &updateRequestBodyResponse) require.NoError(t, err) client.On("UpdateAdvancedSettingsRequestBody", @@ -49,9 +49,9 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { } - removeRequestBody = func(t *testing.T, updateRequestBody appsec.RemoveAdvancedSettingsRequestBodyRequest, client *appsec.Mock, numberOfTimes int) { + removeRequestBody = func(t *testing.T, updateRequestBody appsec.RemoveAdvancedSettingsRequestBodyRequest, client *appsec.Mock, numberOfTimes int, filePath string) { removeRequestBodyResponse := appsec.RemoveAdvancedSettingsRequestBodyResponse{} - err := json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json"), &removeRequestBodyResponse) + err := json.Unmarshal(testutils.LoadFixtureBytes(t, filePath), &removeRequestBodyResponse) require.NoError(t, err) client.On("RemoveAdvancedSettingsRequestBody", @@ -65,14 +65,14 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { client := &appsec.Mock{} configResponse := configVersion(t, 43253, client) - requestBodyRead(t, 43253, 7, "", client, 2) - updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: 7, PolicyID: "", RequestBodyInspectionLimitInKB: appsec.Limit16KB} + requestBodyRead(t, 43253, 7, "", client, 2, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") - updateRequestBody(t, updateRequestBodyRequest, client, 1) + updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: 7, PolicyID: "", RequestBodyInspectionLimitInKB: appsec.Limit16KB} + updateRequestBody(t, updateRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") removeRequestBodyRequest := appsec.RemoveAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: 7, PolicyID: "", RequestBodyInspectionLimitInKB: appsec.Default} - removeRequestBody(t, removeRequestBodyRequest, client, 1) + removeRequestBody(t, removeRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") useClient(client, func() { resource.Test(t, resource.TestCase{ IsUnitTest: true, @@ -96,14 +96,15 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { configResponse := configVersion(t, 43253, client) - requestBodyRead(t, configResponse.ID, configResponse.LatestVersion, "", client, 4) + requestBodyRead(t, configResponse.ID, configResponse.LatestVersion, "", client, 4, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") + updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "", RequestBodyInspectionLimitInKB: appsec.Limit16KB} - updateRequestBody(t, updateRequestBodyRequest, client, 1) + updateRequestBody(t, updateRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") removeRequestBodyRequest := appsec.RemoveAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "", RequestBodyInspectionLimitInKB: appsec.Default} - removeRequestBody(t, removeRequestBodyRequest, client, 1) + removeRequestBody(t, removeRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") useClient(client, func() { resource.UnitTest(t, resource.TestCase{ @@ -113,10 +114,11 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { Config: testutils.LoadFixtureString(t, "testdata/TestResAdvancedSettingsRequestBody/match_by_id.tf"), }, { - ImportState: true, - ImportStateVerify: true, - ImportStateId: "43253", - ResourceName: "akamai_appsec_advanced_settings_request_body.test", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"request_body_inspection_limit_override"}, + ImportStateId: "43253", + ResourceName: "akamai_appsec_advanced_settings_request_body.test", }, }, }) @@ -128,15 +130,15 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { configResponse := configVersion(t, 43253, client) - requestBodyRead(t, configResponse.ID, configResponse.LatestVersion, "test_policy", client, 4) + requestBodyRead(t, configResponse.ID, configResponse.LatestVersion, "test_policy", client, 4, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json") - updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Limit16KB} + updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Limit16KB, RequestBodyInspectionLimitOverride: true} - updateRequestBody(t, updateRequestBodyRequest, client, 1) + updateRequestBody(t, updateRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") - removeRequestBodyRequest := appsec.RemoveAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Default} + removeRequestBodyRequest := appsec.RemoveAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Default, RequestBodyInspectionLimitOverride: false} - removeRequestBody(t, removeRequestBodyRequest, client, 1) + removeRequestBody(t, removeRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json") useClient(client, func() { resource.UnitTest(t, resource.TestCase{ @@ -161,15 +163,19 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { configResponse := configVersion(t, 43253, client) - requestBodyRead(t, configResponse.ID, configResponse.LatestVersion, "test_policy", client, 2) + requestBodyRead(t, configResponse.ID, configResponse.LatestVersion, "test_policy", client, 5, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json") + + updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Limit16KB, RequestBodyInspectionLimitOverride: true} - updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Limit16KB} + updateRequestBody(t, updateRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody.json") - updateRequestBody(t, updateRequestBodyRequest, client, 1) + updateRequestBodyRequestWithVal := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Limit32KB, RequestBodyInspectionLimitOverride: true} - removeRequestBodyRequest := appsec.RemoveAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Default} + updateRequestBody(t, updateRequestBodyRequestWithVal, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody32.json") - removeRequestBody(t, removeRequestBodyRequest, client, 1) + removeRequestBodyRequest := appsec.RemoveAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Default, RequestBodyInspectionLimitOverride: false} + + removeRequestBody(t, removeRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json") useClient(client, func() { resource.Test(t, resource.TestCase{ @@ -182,10 +188,61 @@ func TestAkamaiAdvancedSettingsRequestBodyResConfig(t *testing.T) { resource.TestCheckResourceAttr("akamai_appsec_advanced_settings_request_body.policy", "id", "43253:test_policy"), ), }, + { + Config: testutils.LoadFixtureString(t, "testdata/TestResAdvancedSettingsRequestBody/update_by_policy_32.tf"), + ExpectNonEmptyPlan: true, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("akamai_appsec_advanced_settings_request_body.policy", "id", "43253:test_policy"), + ), + }, }, }) }) client.AssertExpectations(t) }) + t.Run("match by AdvancedSettingsRequestBodyPolicyIDDisable", func(t *testing.T) { + client := &appsec.Mock{} + + configResponse := configVersion(t, 43253, client) + + requestBodyRead(t, configResponse.ID, configResponse.LatestVersion, "test_policy", client, 5, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json") + + // create + updateRequestBodyRequest := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Limit16KB, RequestBodyInspectionLimitOverride: true} + + updateRequestBody(t, updateRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json") + + //update + updateRequestBodyRequestDisable := appsec.UpdateAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Limit32KB, RequestBodyInspectionLimitOverride: false} + + updateRequestBody(t, updateRequestBodyRequestDisable, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json") + + //delete + removeRequestBodyRequest := appsec.RemoveAdvancedSettingsRequestBodyRequest{ConfigID: configResponse.ID, Version: configResponse.LatestVersion, PolicyID: "test_policy", RequestBodyInspectionLimitInKB: appsec.Default, RequestBodyInspectionLimitOverride: false} + + removeRequestBody(t, removeRequestBodyRequest, client, 1, "testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json") + + useClient(client, func() { + resource.Test(t, resource.TestCase{ + IsUnitTest: true, + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id.tf"), + }, + { + Config: testutils.LoadFixtureString(t, "testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id_disable.tf"), + ExpectNonEmptyPlan: true, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("akamai_appsec_advanced_settings_request_body.policy", "id", "43253:test_policy"), + ), + }, + }, + }) + }) + + client.AssertExpectations(t) + }) + } diff --git a/pkg/providers/appsec/templates.go b/pkg/providers/appsec/templates.go index e338e5873..e2d34d311 100644 --- a/pkg/providers/appsec/templates.go +++ b/pkg/providers/appsec/templates.go @@ -273,7 +273,8 @@ func InitTemplates(otm map[string]*OutputTemplate) { otm["advancedSettingsPIILearningDS"] = &OutputTemplate{TemplateName: "advancedSettingsPIILearningDS", TableTitle: "Enable PII Learning", TemplateType: "TABULAR", TemplateString: "{{.EnablePIILearning}}"} otm["advancedSettingsPrefetchDS"] = &OutputTemplate{TemplateName: "advancedSettingsPrefetchDS", TableTitle: "Enable App Layer|All Extension|Enable Rate Controls|Extensions", TemplateType: "TABULAR", TemplateString: "{{.EnableAppLayer}}|{{.AllExtensions}}|{{.EnableRateControls}}|{{range $index, $element := .Extensions}}{{.}} {{end}}"} otm["advancedSettingsPragmaHeaderDS"] = &OutputTemplate{TemplateName: "Pragma header excluded conditions", TableTitle: "Action|Condition Operator|Exclude Conditions", TemplateType: "TABULAR", TemplateString: "{{.Action}}|{{.ConditionOperator}}|{{.ExcludeCondition}}"} - otm["advancedSettingsRequestBodyDS"] = &OutputTemplate{TemplateName: "advancedSettingsRequestBodyDS", TableTitle: "Request Body Inspection Limit", TemplateType: "TABULAR", TemplateString: "{{.RequestBodyInspectionLimitInKB}}"} + otm["advancedSettingsRequestBodyDS"] = &OutputTemplate{TemplateName: "advancedSettingsRequestBodyDS", TableTitle: "Request Body Inspection Limit ", TemplateType: "TABULAR", TemplateString: "{{.RequestBodyInspectionLimitInKB}}"} + otm["advancedSettingsRequestBodyPolicyDS"] = &OutputTemplate{TemplateName: "advancedSettingsRequestBodyPolicyDS", TableTitle: "Request Body Inspection Limit | Request Body Inspection Limit Override", TemplateType: "TABULAR", TemplateString: "{{.RequestBodyInspectionLimitInKB}}|{{.RequestBodyInspectionLimitOverride}}"} otm["apiHostnameCoverageMatchTargetsDS"] = &OutputTemplate{TemplateName: "apiHostnameCoverageMatchTargetsDS", TableTitle: "Hostnames|Target ID|Type", TemplateType: "TABULAR", TemplateString: "{{range $index, $element := .MatchTargets.WebsiteTargets}}{{if $index}},{{end}}{{.Hostnames}}|{{.TargetID}}|{{.Type}}{{end}}"} otm["apiHostnameCoverageoverLappingDS"] = &OutputTemplate{TemplateName: "apiHostnameCoverageoverLappingDS", TableTitle: "ID|Name|Version|Contract ID|Contract Name", TemplateType: "TABULAR", TemplateString: "{{range $index, $element := .OverLappingList}}{{if $index}},{{end}}{{.ConfigID}}|{{.ConfigName}}|{{.ConfigVersion}}|{{.ContractID}}|{{.ContractName}}{{end}}"} @@ -343,7 +344,7 @@ func InitTemplates(otm map[string]*OutputTemplate) { otm["AdvancedSettingsEvasivePathMatch.tf"] = &OutputTemplate{TemplateName: "AdvancedSettingsEvasivePathMatch.tf", TableTitle: "AdvancedSettingsEvasivePathMatch", TemplateType: "TERRAFORM", TemplateString: "\n {{ $config := .ConfigID }}{{ $version := .Version }}{{ $prev_secpolicy := \"\" }}{{range $index1, $element := .SecurityPolicies}}{{$prev_secpolicy := .ID}}{{if .EvasivePathMatch}}\n// terraform import akamai_appsec_advanced_settings_evasive_path_match.akamai_appsec_advanced_settings_evasive_path_match_policy{{if $index1}}_{{$index1}}{{end}} {{$config}}:{{$prev_secpolicy}} \nresource \"akamai_appsec_advanced_settings_evasive_path_match\" \"akamai_appsec_advanced_settings_evasive_path_match_policy{{if $index1}}_{{$index1}}{{end}}\" { \n config_id = {{$config}}\n security_policy_id = \"{{$prev_secpolicy}}\" \n enable_path_match = {{.EvasivePathMatch.EnablePathMatch}} \n }\n{{end}}{{end}}"} otm["AdvancedSettingsPragmaHeader.tf"] = &OutputTemplate{TemplateName: "AdvancedSettingsPragmaHeader.tf", TableTitle: "AdvancedSettingsPragmaHeader", TemplateType: "TERRAFORM", TemplateString: "\n// terraform import akamai_appsec_advanced_settings_pragma_header.akamai_appsec_advanced_settings_pragma_header {{.ConfigID}} \nresource \"akamai_appsec_advanced_settings_pragma_header\" \"akamai_appsec_advanced_settings_pragma_header\" { \n config_id = {{.ConfigID}}\n pragma_header = <<-EOF\n {{marshal .AdvancedOptions.PragmaHeader}} \n EOF \n } \n {{ $config := .ConfigID }}{{ $version := .Version }}{{ $prev_secpolicy := \"\" }}{{range $index1, $element := .SecurityPolicies}}{{$prev_secpolicy := .ID}}{{if .PragmaHeader}}\n// terraform import akamai_appsec_advanced_settings_pragma_header.pragma_header_policy{{if $index1}}_{{$index1}}{{end}} {{$config}}:{{$prev_secpolicy}} \nresource \"akamai_appsec_advanced_settings_pragma_header\" \"pragma_header_policy{{if $index1}}_{{$index1}}{{end}}\" { \n config_id = {{$config}}\n security_policy_id = \"{{$prev_secpolicy}}\" \n pragma_header = <<-EOF\n {{marshal .PragmaHeader}} \n \n EOF \n \n }\n{{end}} {{end}}"} otm["AdvancedSettingsPrefetch.tf"] = &OutputTemplate{TemplateName: "AdvancedSettingsPrefetch.tf", TableTitle: "AdvancedSettingsPrefetch", TemplateType: "TERRAFORM", TemplateString: "\n// terraform import akamai_appsec_advanced_settings_prefetch.akamai_appsec_advanced_settings_prefetch {{.ConfigID}} \nresource \"akamai_appsec_advanced_settings_prefetch\" \"akamai_appsec_advanced_settings_prefetch\" { \n config_id = {{.ConfigID}}\n enable_app_layer = {{.AdvancedOptions.Prefetch.EnableAppLayer}} \n all_extensions = {{.AdvancedOptions.Prefetch.AllExtensions}}\n enable_rate_controls = {{.AdvancedOptions.Prefetch.EnableRateControls}}\n extensions = [{{ range $index, $element := .AdvancedOptions.Prefetch.Extensions }}{{if $index}},{{end}}{{quote .}}{{end}}] \n } \n"} - otm["AdvancedSettingsRequestBody.tf"] = &OutputTemplate{TemplateName: "AdvancedSettingsRequestBody.tf", TableTitle: "AdvancedSettingsRequestBody", TemplateType: "TERRAFORM", TemplateString: "\n {{ $config := .ConfigID }}{{ $version := .Version }}{{ $prev_secpolicy := \"\" }}{{range $index1, $element := .SecurityPolicies}}{{$prev_secpolicy := .ID}}{{if .RequestBody}}\n// terraform import akamai_appsec_advanced_settings_request_body.akamai_appsec_advanced_settings_request_body_policy{{if $index1}}_{{$index1}}{{end}} {{$config}}:{{$prev_secpolicy}} \nresource \"akamai_appsec_advanced_settings_request_body\" \"akamai_appsec_advanced_settings_request_body_policy{{if $index1}}_{{$index1}}{{end}}\" { \n config_id = {{$config}}\n security_policy_id = \"{{$prev_secpolicy}}\" \n request_body_inspection_limit = {{.RequestBody.RequestBodyInspectionLimitInKB}} \n }\n{{end}}{{end}}"} + otm["AdvancedSettingsRequestBody.tf"] = &OutputTemplate{TemplateName: "AdvancedSettingsRequestBody.tf", TableTitle: "AdvancedSettingsRequestBody", TemplateType: "TERRAFORM", TemplateString: "\n {{ $config := .ConfigID }}{{ $version := .Version }}{{ $prev_secpolicy := \"\" }}{{range $index1, $element := .SecurityPolicies}}{{$prev_secpolicy := .ID}}{{if .RequestBody}}\n// terraform import akamai_appsec_advanced_settings_request_body.akamai_appsec_advanced_settings_request_body_policy{{if $index1}}_{{$index1}}{{end}} {{$config}}:{{$prev_secpolicy}} \nresource \"akamai_appsec_advanced_settings_request_body\" \"akamai_appsec_advanced_settings_request_body_policy{{if $index1}}_{{$index1}}{{end}}\" { \n config_id = {{$config}}\n security_policy_id = \"{{$prev_secpolicy}}\" \n request_body_inspection_limit = {{.RequestBody.RequestBodyInspectionLimitInKB}} \n request_body_inspection_limit_override = {{.RequestBody.RequestBodyInspectionLimitOverride}} \n }\n{{end}}{{end}}"} otm["ApiRequestConstraints.tf"] = &OutputTemplate{TemplateName: "ApiRequestConstraints.tf", TableTitle: "ApiRequestConstraints", TemplateType: "TERRAFORM", TemplateString: "{{ $config := .ConfigID }}{{ $version := .Version }}{{ $prev_secpolicy := \"\" }}{{range $index1, $element := .SecurityPolicies}}{{$prev_secpolicy := .ID}}{{with .APIRequestConstraints}}{{if .Action}}\n// terraform import akamai_appsec_api_request_constraints.api_request_constraints_{{$prev_secpolicy}}{{if $index1}}_{{$index1}}{{end}} {{$config}}:{{$prev_secpolicy}}:{{.APIRequestConstraints.ID}}\nresource \"akamai_appsec_api_request_constraints\" \"api_request_constraints_{{$prev_secpolicy}}{{if $index1}}_{{$index1}}{{end}}\" { \n config_id = {{$config}}\n security_policy_id = \"{{$prev_secpolicy}}\" \n action = \"{{.APIRequestConstraints.Action}}\" \n }{{end}}{{end}}\n {{with .APIRequestConstraints}}{{with .APIEndpoints}}{{range $index, $element := .}}\n// terraform import akamai_appsec_api_request_constraints.api_request_constraints_override_{{.ID}}{{if $index}}_{{$index}}{{end}} {{$config}}:{{$prev_secpolicy}}:{{.ID}} \nresource \"akamai_appsec_api_request_constraints\" \"api_request_constraints_override_{{.ID}}{{if $index}}_{{$index}}{{end}}\" { \n config_id = {{$config}}\n security_policy_id = \"{{$prev_secpolicy}}\" \n api_endpoint_id = \"{{.ID}}\" \n action = \"{{.Action}}\" \n }\n{{end}}{{end}}{{end}}{{end}}"} otm["CustomDeny.tf"] = &OutputTemplate{TemplateName: "CustomDeny.tf", TableTitle: "CustomDeny", TemplateType: "TERRAFORM", TemplateString: "{{ $config := .ConfigID }}{{range $index, $element := .CustomDenyList}}\n// terraform import akamai_appsec_custom_deny.akamai_appsec_custom_deny{{if $index}}_{{$index}}{{end}} {{$config}}:{{.ID}}\nresource \"akamai_appsec_custom_deny\" \"akamai_appsec_custom_deny{{if $index}}_{{$index}}{{end}}\" { \n config_id = {{$config}}\n custom_deny = <<-EOF\n {{jsonwithoutid .}} \n EOF \n \n }\n{{end}}"} otm["CustomRule.tf"] = &OutputTemplate{TemplateName: "CustomRule.tf", TableTitle: "CustomRule", TemplateType: "TERRAFORM", TemplateString: "{{ $config := .ConfigID }}{{range $index, $element := .CustomRules}} \n// terraform import akamai_appsec_custom_rule.akamai_appsec_custom_rule{{if $index}}_{{$index}}{{end}} {{$config}}:{{.ID}}\nresource \"akamai_appsec_custom_rule\" \"akamai_appsec_custom_rule{{if $index}}_{{$index}}{{end}}\" { \n config_id = {{$config}}\n custom_rule = <<-EOF\n {{marshalwithoutid .}} \n EOF \n }\n {{end}}"} diff --git a/pkg/providers/appsec/testdata/TestDSAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json b/pkg/providers/appsec/testdata/TestDSAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json new file mode 100644 index 000000000..a1de5c63b --- /dev/null +++ b/pkg/providers/appsec/testdata/TestDSAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json @@ -0,0 +1,4 @@ +{ + "requestBodyInspectionLimitInKB": "16", + "override": true +} \ No newline at end of file diff --git a/pkg/providers/appsec/testdata/TestDSExportConfiguration/ExportConfiguration.json b/pkg/providers/appsec/testdata/TestDSExportConfiguration/ExportConfiguration.json index bb78e6bed..6694a81b3 100644 --- a/pkg/providers/appsec/testdata/TestDSExportConfiguration/ExportConfiguration.json +++ b/pkg/providers/appsec/testdata/TestDSExportConfiguration/ExportConfiguration.json @@ -4850,6 +4850,10 @@ "period": 60, "rate": 10 } + }, + "RequestBody": { + "override" : true, + "requestBodyInspectionLimitInKB" : "8" } } ], diff --git a/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody32.json b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody32.json new file mode 100644 index 000000000..9a3bd3743 --- /dev/null +++ b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBody32.json @@ -0,0 +1,4 @@ +{ + "requestBodyInspectionLimitInKB": "32", + "override": true +} \ No newline at end of file diff --git a/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json new file mode 100644 index 000000000..cc1565ac2 --- /dev/null +++ b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyDisabled.json @@ -0,0 +1,4 @@ +{ + "requestBodyInspectionLimitInKB": "32", + "override": false +} \ No newline at end of file diff --git a/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json new file mode 100644 index 000000000..a1de5c63b --- /dev/null +++ b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/AdvancedSettingsRequestBodyPolicy.json @@ -0,0 +1,4 @@ +{ + "requestBodyInspectionLimitInKB": "16", + "override": true +} \ No newline at end of file diff --git a/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_32.tf b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_32.tf new file mode 100644 index 000000000..444de7ecd --- /dev/null +++ b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_32.tf @@ -0,0 +1,11 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" + cache_enabled = false +} + +resource "akamai_appsec_advanced_settings_request_body" "policy" { + config_id = 43253 + security_policy_id = "test_policy" + request_body_inspection_limit = 32 + request_body_inspection_limit_override = true +} \ No newline at end of file diff --git a/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id.tf b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id.tf index e8a20ee76..efcafdc1b 100644 --- a/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id.tf +++ b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id.tf @@ -4,7 +4,8 @@ provider "akamai" { } resource "akamai_appsec_advanced_settings_request_body" "policy" { - config_id = 43253 - security_policy_id = "test_policy" - request_body_inspection_limit = 16 + config_id = 43253 + security_policy_id = "test_policy" + request_body_inspection_limit = 16 + request_body_inspection_limit_override = true } \ No newline at end of file diff --git a/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id_disable.tf b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id_disable.tf new file mode 100644 index 000000000..f23154593 --- /dev/null +++ b/pkg/providers/appsec/testdata/TestResAdvancedSettingsRequestBody/update_by_policy_id_disable.tf @@ -0,0 +1,11 @@ +provider "akamai" { + edgerc = "../../common/testutils/edgerc" + cache_enabled = false +} + +resource "akamai_appsec_advanced_settings_request_body" "policy" { + config_id = 43253 + security_policy_id = "test_policy" + request_body_inspection_limit = 32 + request_body_inspection_limit_override = false +} \ No newline at end of file From deda8c91bea957d5ffbf648eade9543780d8deb2 Mon Sep 17 00:00:00 2001 From: Shubham Kabra Date: Thu, 22 Aug 2024 13:56:17 +0000 Subject: [PATCH 12/17] SECKSD-27520 Fixed `akamai_appsec_configuration` data source to return a single configuration in the output_text instead of the entire list of security configurations --- CHANGELOG.md | 8 ++--- .../data_akamai_appsec_configuration.go | 29 ++++++++++--------- .../data_akamai_appsec_configuration_test.go | 2 ++ 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87cefdb7a..5c3232299 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -66,11 +66,9 @@ #### BUG FIXES: * Appsec - * Fixed import of `akamai_appsec_match_target` for newly created security configuration or any security configuration not synced in the terraform state [I#546](https://github.com/akamai/terraform-provider-akamai/issues/546)) - - -* Appsec - * Fixed issue where activation was not triggered after network list change in `resource_akamai_networklist_activations` resource [I#518](https://github.com/akamai/terraform-provider-akamai/issues/518) + * Fixed import of `akamai_appsec_match_target` for newly created security configuration or any security configuration not synced in the terraform state ([I#546](https://github.com/akamai/terraform-provider-akamai/issues/546)) + * Fixed issue where activation was not triggered after network list change in `resource_akamai_networklist_activations` resource ([I#518](https://github.com/akamai/terraform-provider-akamai/issues/518)) + * Fixed `akamai_appsec_configuration` data source to return a single security configuration in the output_text instead of the entire list of security configurations diff --git a/pkg/providers/appsec/data_akamai_appsec_configuration.go b/pkg/providers/appsec/data_akamai_appsec_configuration.go index b2ed369e0..ff2f84a19 100644 --- a/pkg/providers/appsec/data_akamai_appsec_configuration.go +++ b/pkg/providers/appsec/data_akamai_appsec_configuration.go @@ -66,7 +66,8 @@ func dataSourceConfigurationRead(ctx context.Context, d *schema.ResourceData, m return diag.FromErr(err) } - configuration, err := client.GetConfigurations(ctx, appsec.GetConfigurationsRequest{}) + configurations, err := client.GetConfigurations(ctx, appsec.GetConfigurationsRequest{}) + outputConfigurations := appsec.GetConfigurationsResponse{} if err != nil { logger.Errorf("calling 'getConfiguration': %s", err.Error()) return diag.FromErr(err) @@ -74,24 +75,25 @@ func dataSourceConfigurationRead(ctx context.Context, d *schema.ResourceData, m if configName != "" { found := false - for _, configval := range configuration.Configurations { - if configval.Name == configName { + for _, config := range configurations.Configurations { + if config.Name == configName { found = true - if err := d.Set("config_id", configval.ID); err != nil { + outputConfigurations.Configurations = append(outputConfigurations.Configurations, config) + if err := d.Set("config_id", config.ID); err != nil { return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) } - if err := d.Set("latest_version", configval.LatestVersion); err != nil { + if err := d.Set("latest_version", config.LatestVersion); err != nil { return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) } - if err := d.Set("staging_version", configval.StagingVersion); err != nil { + if err := d.Set("staging_version", config.StagingVersion); err != nil { return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) } - if err := d.Set("production_version", configval.ProductionVersion); err != nil { + if err := d.Set("production_version", config.ProductionVersion); err != nil { return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) } getSelectedHostnamesRequest := appsec.GetSelectedHostnamesRequest{ - ConfigID: configval.ID, - Version: configval.LatestVersion, + ConfigID: config.ID, + Version: config.LatestVersion, } // Fetch selected hostnames for the config version @@ -109,7 +111,7 @@ func dataSourceConfigurationRead(ctx context.Context, d *schema.ResourceData, m if err = d.Set("host_names", selectedHostnameList); err != nil { return diag.Errorf("%s: %s", tf.ErrValueSet, err.Error()) } - d.SetId(strconv.Itoa(configval.ID)) + d.SetId(strconv.Itoa(config.ID)) break } } @@ -117,8 +119,9 @@ func dataSourceConfigurationRead(ctx context.Context, d *schema.ResourceData, m return diag.Errorf("configuration '%s' not found", configName) } } else { - if len(configuration.Configurations) > 0 { - d.SetId(strconv.Itoa(configuration.Configurations[0].ID)) + if len(configurations.Configurations) > 0 { + outputConfigurations = *configurations + d.SetId(strconv.Itoa(configurations.Configurations[0].ID)) } else { d.SetId(strconv.Itoa(0)) } @@ -126,7 +129,7 @@ func dataSourceConfigurationRead(ctx context.Context, d *schema.ResourceData, m ots := OutputTemplates{} InitTemplates(ots) - outputtext, err := RenderTemplates(ots, "configuration", configuration) + outputtext, err := RenderTemplates(ots, "configuration", outputConfigurations) if err != nil { return diag.FromErr(err) } diff --git a/pkg/providers/appsec/data_akamai_appsec_configuration_test.go b/pkg/providers/appsec/data_akamai_appsec_configuration_test.go index e3372dd3e..f2d779437 100644 --- a/pkg/providers/appsec/data_akamai_appsec_configuration_test.go +++ b/pkg/providers/appsec/data_akamai_appsec_configuration_test.go @@ -71,6 +71,7 @@ func TestAkamaiConfiguration_data_hostnames(t *testing.T) { err = json.Unmarshal(testutils.LoadFixtureBytes(t, "testdata/TestDSSelectedHostnames/SelectedHostnames.json"), &getSelectedHostnamesResponse) require.NoError(t, err) + expectedOutputText := "\n+------------------------------------------------------------------------------------------------------+\n| Configurations |\n+-----------+--------------+----------------+---------------------------+------------------------------+\n| CONFIG_ID | NAME | LATEST_VERSION | VERSION_ACTIVE_IN_STAGING | VERSION_ACTIVE_IN_PRODUCTION |\n+-----------+--------------+----------------+---------------------------+------------------------------+\n| 43253 | Akamai Tools | 15 | 0 | 0 |\n+-----------+--------------+----------------+---------------------------+------------------------------+\n" client.On("GetSelectedHostnames", mock.Anything, appsec.GetSelectedHostnamesRequest{ConfigID: 43253, Version: 15}, @@ -85,6 +86,7 @@ func TestAkamaiConfiguration_data_hostnames(t *testing.T) { Config: testutils.LoadFixtureString(t, "testdata/TestDSConfiguration/match_by_id.tf"), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("data.akamai_appsec_configuration.test", "host_names.#", "2"), + resource.TestCheckResourceAttr("data.akamai_appsec_configuration.test", "output_text", expectedOutputText), ), }, }, From 81f38250c857641d2c3c0325019c3ef7b60ca641 Mon Sep 17 00:00:00 2001 From: Wojciech Zagrajczuk Date: Mon, 26 Aug 2024 09:14:09 +0000 Subject: [PATCH 13/17] DXE-3940 Changelog cleanup & links update for new release --- CHANGELOG.md | 95 +++---------------------------- docs/data-sources/data-sources.md | 30 +++++----- docs/guides/get-started.md | 32 +++++------ docs/index.md | 30 +++++----- docs/resources/resources.md | 30 +++++----- go.mod | 2 +- go.sum | 4 +- 7 files changed, 73 insertions(+), 150 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c3232299..3a877717d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,67 +1,24 @@ # RELEASE NOTES -## X.X.X (X X, X) - -#### BREAKING CHANGES: - - - - - - - - - - - - +## 6.4.0 (Aug 29, 2024) #### FEATURES/ENHANCEMENTS: -* Appsec - * Added `request_body_inspection_limit_override` field to `akamai_appsec_advanced_settings_request_body` resource - * Global * Updated SDKv2 and framework libraries as result of updating `terraform-plugin-testing` +* Appsec + * Added `request_body_inspection_limit_override` field to `akamai_appsec_advanced_settings_request_body` resource - +* CPS + * Added `acknowledge_post_verification_warnings` to the `akamai_cps_dv_validation` resource to allow for acknowledgement of post-verification warnings * PAPI * Added support for new rule format `v2024-08-13` - - - - -* PAPI - * Added support for moving PAPI resources between groups (`akamai_property` and `akamai_property_bootstrap`) by updating the `group_id` field. - - -* CPS - * Added `acknowledge_post_verification_warnings` to the `akamai_cps_dv_validation` resource to allow for acknowledgement of post-verification warnings - - - - - - - - - - - - - - - - - - - - - - - + * Added support for moving PAPI property between groups (`akamai_property` and `akamai_property_bootstrap`) by updating the `group_id` field. + * Added support for status code `429 Too Many Requests` containing `X-RateLimit-Next` header. + When `X-RateLimit-Next` is present, the wait time before retry is calculated as the time + difference between this header and the `Date` header. #### BUG FIXES: @@ -70,32 +27,13 @@ * Fixed issue where activation was not triggered after network list change in `resource_akamai_networklist_activations` resource ([I#518](https://github.com/akamai/terraform-provider-akamai/issues/518)) * Fixed `akamai_appsec_configuration` data source to return a single security configuration in the output_text instead of the entire list of security configurations - - - * Cloudlets * Corrected format of the retry time when logging in `akamai_cloudlets_application_load_balancer_activation` and `akamai_cloudlets_policy_activation` resources - - - - * PAPI * Fixed issue with provider producing an inconsistent final plan with Cloudlet policy ([I#567](https://github.com/akamai/terraform-provider-akamai/issues/567)). It happened in cases when content of the rule depends on some other resource - - - - - - - - - - - - ## 6.3.0 (July 16, 2024) #### FEATURES/ENHANCEMENTS: @@ -138,21 +76,6 @@ * Added new optional field `ttl` to `akamai_edge_hostname` resource. When it is used, creation or update takes longer as resource has to synchronize its state with HAPI. - - - - - -* PAPI - * Added support for status code `429 Too Many Requests` containing `X-RateLimit-Next` header. - When `X-RateLimit-Next` is present, the wait time before retry is calculated as the time - difference between this header and the `Date` header. - - - - - - #### BUG FIXES: * Appsec diff --git a/docs/data-sources/data-sources.md b/docs/data-sources/data-sources.md index a964354cc..3792a751c 100644 --- a/docs/data-sources/data-sources.md +++ b/docs/data-sources/data-sources.md @@ -8,18 +8,18 @@ We’ve moved our documentation to the Akamai TechDocs site. Use the table to fi | Subprovider | Description | |---------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------| -| [Application Security](https://techdocs.akamai.com/terraform/v6.3/docs/appsec-datasources) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | -| [Bot Manager](https://techdocs.akamai.com/terraform/v6.3/docs/botman-datasources) | Identify, track, and respond to bot activity on your domain or in your app. | -| [Certificates](https://techdocs.akamai.com/terraform/v6.3/docs/cps-datasources) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | -| [Client Lists](https://techdocs.akamai.com/terraform/v6.3/docs/cli-data-sources) | Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| -|[Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.3/docs/cam-ds) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys. | -| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.3/docs/cw-data-sources) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| -| [Cloudlets](https://techdocs.akamai.com/terraform/v6.3/docs/cl-datasources) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | -| [DataStream](https://techdocs.akamai.com/terraform/v6.3/docs/ds-datasources) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | -| [Edge DNS](https://techdocs.akamai.com/terraform/v6.3/docs/edns-datasources) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | -| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.3/docs/ew-datasources) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | -| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.3/docs/gtm-datasources) | Use load balancing to manage website and mobile performance demands. | -| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.3/docs/iam-datasources) | Create users and groups, and define policies that manage access to your Akamai applications. | -| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.3/docs/ivm-datasources) | Automate image and video delivery optimizations for your website visitors. | -| [Network Lists](https://techdocs.akamai.com/terraform/v6.3/docs/nl-datasources) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | -| [Property](https://techdocs.akamai.com/terraform/v6.3/docs/pm-datasources) | Define rules and behaviors that govern your website delivery based on match criteria. | +| [Application Security](https://techdocs.akamai.com/terraform/v6.4/docs/appsec-datasources) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | +| [Bot Manager](https://techdocs.akamai.com/terraform/v6.4/docs/botman-datasources) | Identify, track, and respond to bot activity on your domain or in your app. | +| [Certificates](https://techdocs.akamai.com/terraform/v6.4/docs/cps-datasources) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | +| [Client Lists](https://techdocs.akamai.com/terraform/v6.4/docs/cli-data-sources) | Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| +|[Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.4/docs/cam-ds) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys. | +| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.4/docs/cw-data-sources) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| +| [Cloudlets](https://techdocs.akamai.com/terraform/v6.4/docs/cl-datasources) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | +| [DataStream](https://techdocs.akamai.com/terraform/v6.4/docs/ds-datasources) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | +| [Edge DNS](https://techdocs.akamai.com/terraform/v6.4/docs/edns-datasources) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | +| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.4/docs/ew-datasources) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | +| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.4/docs/gtm-datasources) | Use load balancing to manage website and mobile performance demands. | +| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.4/docs/iam-datasources) | Create users and groups, and define policies that manage access to your Akamai applications. | +| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.4/docs/ivm-datasources) | Automate image and video delivery optimizations for your website visitors. | +| [Network Lists](https://techdocs.akamai.com/terraform/v6.4/docs/nl-datasources) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | +| [Property](https://techdocs.akamai.com/terraform/v6.4/docs/pm-datasources) | Define rules and behaviors that govern your website delivery based on match criteria. | diff --git a/docs/guides/get-started.md b/docs/guides/get-started.md index bb336366e..408f748a3 100644 --- a/docs/guides/get-started.md +++ b/docs/guides/get-started.md @@ -21,7 +21,7 @@ Your Akamai Terraform configuration starts with listing us as a required provide required_providers { akamai = { source = "akamai/akamai" - version = "6.3.0" + version = "6.4.0" } } } @@ -99,21 +99,21 @@ Use the table to find information about the subprovider you’re using. | Subprovider | Description | |----------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------| -| [Application Security](https://techdocs.akamai.com/terraform/v6.3/docs/configure-appsec) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | -| [Bot Manager](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-botman) | Identify, track, and respond to bot activity on your domain or in your app. | -| [Certificates](https://techdocs.akamai.com/terraform/v6.3/docs/cps-integration-guide) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | -| [Client Lists](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-client-lists) | Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| -|[Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-cam) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys. | -| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-cloud-wrapper) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| -| [Cloudlets](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-cloudlets) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | -| [DataStream](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-datastream) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | -| [Edge DNS](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-edgedns) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | -| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-edgeworkers) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | -| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-gtm) | Use load balancing to manage website and mobile performance demands. | -| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-iam) | Create users and groups, and define policies that manage access to your Akamai applications. | -| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-ivm) | Automate image and video delivery optimizations for your website visitors. | -| [Network Lists](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-network-lists) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | -| [Property](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-property-provisioning) | Define rules and behaviors that govern your website delivery based on match criteria. | +| [Application Security](https://techdocs.akamai.com/terraform/v6.4/docs/configure-appsec) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | +| [Bot Manager](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-botman) | Identify, track, and respond to bot activity on your domain or in your app. | +| [Certificates](https://techdocs.akamai.com/terraform/v6.4/docs/cps-integration-guide) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | +| [Client Lists](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-client-lists) | Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| +|[Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-cam) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys. | +| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-cloud-wrapper) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| +| [Cloudlets](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-cloudlets) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | +| [DataStream](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-datastream) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | +| [Edge DNS](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-edgedns) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | +| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-edgeworkers) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | +| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-gtm) | Use load balancing to manage website and mobile performance demands. | +| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-iam) | Create users and groups, and define policies that manage access to your Akamai applications. | +| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-ivm) | Automate image and video delivery optimizations for your website visitors. | +| [Network Lists](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-network-lists) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | +| [Property](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-property-provisioning) | Define rules and behaviors that govern your website delivery based on match criteria. | ### Get contract and group IDs diff --git a/docs/index.md b/docs/index.md index 60694a3c3..6e45e5721 100644 --- a/docs/index.md +++ b/docs/index.md @@ -35,21 +35,21 @@ We’ve moved our documentation to the Akamai TechDocs site. Use the table to fi | Subprovider | Description | |----------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------| -| [Application Security](https://techdocs.akamai.com/terraform/v6.3/docs/configure-appsec) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | -| [Bot Manager](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-botman) | Identify, track, and respond to bot activity on your domain or in your app. | -| [Certificates](https://techdocs.akamai.com/terraform/v6.3/docs/cps-integration-guide) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | -| [Client Lists](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-client-lists) | Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| -| [Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-cam) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys. | -| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-cloud-wrapper) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| -| [Cloudlets](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-cloudlets) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | -| [DataStream](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-datastream) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | -| [Edge DNS](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-edgedns) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | -| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-edgeworkers) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | -| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-gtm) | Use load balancing to manage website and mobile performance demands. | -| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-iam) | Create users and groups, and define policies that manage access to your Akamai applications. | -| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-ivm) | Automate image and video delivery optimizations for your website visitors. | -| [Network Lists](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-network-lists) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | -| [Property](https://techdocs.akamai.com/terraform/v6.3/docs/set-up-property-provisioning) | Define rules and behaviors that govern your website delivery based on match criteria. | +| [Application Security](https://techdocs.akamai.com/terraform/v6.4/docs/configure-appsec) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | +| [Bot Manager](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-botman) | Identify, track, and respond to bot activity on your domain or in your app. | +| [Certificates](https://techdocs.akamai.com/terraform/v6.4/docs/cps-integration-guide) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | +| [Client Lists](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-client-lists) | Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| +| [Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-cam) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys. | +| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-cloud-wrapper) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| +| [Cloudlets](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-cloudlets) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | +| [DataStream](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-datastream) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | +| [Edge DNS](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-edgedns) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | +| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-edgeworkers) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | +| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-gtm) | Use load balancing to manage website and mobile performance demands. | +| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-iam) | Create users and groups, and define policies that manage access to your Akamai applications. | +| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-ivm) | Automate image and video delivery optimizations for your website visitors. | +| [Network Lists](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-network-lists) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | +| [Property](https://techdocs.akamai.com/terraform/v6.4/docs/set-up-property-provisioning) | Define rules and behaviors that govern your website delivery based on match criteria. | ## Links to resources diff --git a/docs/resources/resources.md b/docs/resources/resources.md index 5e50174cb..fc4c279eb 100644 --- a/docs/resources/resources.md +++ b/docs/resources/resources.md @@ -8,18 +8,18 @@ We’ve moved our documentation to the Akamai TechDocs site. Use the table to fi | Subprovider | Description | |-------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------| -| [Application Security](https://techdocs.akamai.com/terraform/v6.3/docs/appsec-resources) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | -| [Bot Manager](https://techdocs.akamai.com/terraform/v6.3/docs/botman-resources) | Identify, track, and respond to bot activity on your domain or in your app. | -| [Certificates](https://techdocs.akamai.com/terraform/v6.3/docs/cps-resources) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | -| [Client Lists](https://techdocs.akamai.com/terraform/v6.3/docs/cli-resources) |Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| -| [Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.3/docs/cam-rc) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys.| -| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.3/docs/cw-resources) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| -| [Cloudlets](https://techdocs.akamai.com/terraform/v6.3/docs/cl-resources) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | -| [DataStream](https://techdocs.akamai.com/terraform/v6.3/docs/ds-resources) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | -| [Edge DNS](https://techdocs.akamai.com/terraform/v6.3/docs/edns-resources) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | -| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.3/docs/ew-resources) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | -| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.3/docs/gtm-resources) | Use load balancing to manage website and mobile performance demands. | -| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.3/docs/iam-resources) | Create users and groups, and define policies that manage access to your Akamai applications. | -| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.3/docs/ivm-resources) | Automate image and video delivery optimizations for your website visitors. | -| [Network Lists](https://techdocs.akamai.com/terraform/v6.3/docs/nl-resources) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | -| [Property](https://techdocs.akamai.com/terraform/v6.3/docs/pm-resources) | Define rules and behaviors that govern your website delivery based on match criteria. | +| [Application Security](https://techdocs.akamai.com/terraform/v6.4/docs/appsec-resources) | Manage security configurations, security policies, match targets, rate policies, and firewall rules. | +| [Bot Manager](https://techdocs.akamai.com/terraform/v6.4/docs/botman-resources) | Identify, track, and respond to bot activity on your domain or in your app. | +| [Certificates](https://techdocs.akamai.com/terraform/v6.4/docs/cps-resources) | Full life cycle management of SSL certificates for your ​Akamai​ CDN applications. | +| [Client Lists](https://techdocs.akamai.com/terraform/v6.4/docs/cli-resources) |Reduce harmful security attacks by allowing only trusted IP/CIDRs, locations, autonomous system numbers, and TLS fingerprints to access your services and content.| +| [Cloud Access Manager](https://techdocs.akamai.com/terraform/v6.4/docs/cam-rc) | Enable cloud origin authentication and securely store and manage your cloud origin credentials as access keys.| +| [Cloud Wrapper](https://techdocs.akamai.com/terraform/v6.4/docs/cw-resources) | Provide your customers with a more consistent user experience by adding a custom caching layer that improves the connection between your cloud infrastructure and the Akamai platform.| +| [Cloudlets](https://techdocs.akamai.com/terraform/v6.4/docs/cl-resources) | Solve specific business challenges using value-added apps that complement ​Akamai​'s core solutions. | +| [DataStream](https://techdocs.akamai.com/terraform/v6.4/docs/ds-resources) | Monitor activity on the ​Akamai​ platform and send live log data to a destination of your choice. | +| [Edge DNS](https://techdocs.akamai.com/terraform/v6.4/docs/edns-resources) | Replace or augment your DNS infrastructure with a cloud-based authoritative DNS solution. | +| [EdgeWorkers](https://techdocs.akamai.com/terraform/v6.4/docs/ew-resources) | Execute JavaScript functions at the edge to optimize site performance and customize web experiences. | +| [Global Traffic Management](https://techdocs.akamai.com/terraform/v6.4/docs/gtm-resources) | Use load balancing to manage website and mobile performance demands. | +| [Identity and Access Management](https://techdocs.akamai.com/terraform/v6.4/docs/iam-resources) | Create users and groups, and define policies that manage access to your Akamai applications. | +| [Image and Video Manager](https://techdocs.akamai.com/terraform/v6.4/docs/ivm-resources) | Automate image and video delivery optimizations for your website visitors. | +| [Network Lists](https://techdocs.akamai.com/terraform/v6.4/docs/nl-resources) | Automate the creation, deployment, and management of lists used in ​Akamai​ security products. | +| [Property](https://techdocs.akamai.com/terraform/v6.4/docs/pm-resources) | Define rules and behaviors that govern your website delivery based on match criteria. | diff --git a/go.mod b/go.mod index 64e37bc4d..cf505f307 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/akamai/terraform-provider-akamai/v6 go 1.21 require ( - github.com/akamai/AkamaiOPEN-edgegrid-golang/v8 v8.3.0 + github.com/akamai/AkamaiOPEN-edgegrid-golang/v8 v8.4.0 github.com/allegro/bigcache/v2 v2.2.5 github.com/apex/log v1.9.0 github.com/dlclark/regexp2 v1.10.0 diff --git a/go.sum b/go.sum index 909a1827c..c3bd65481 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97 github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/akamai/AkamaiOPEN-edgegrid-golang/v8 v8.3.0 h1:hB9ddRrmjfrxchN4NWABj3eT5PtkBAFRkxe5eqwBB7k= -github.com/akamai/AkamaiOPEN-edgegrid-golang/v8 v8.3.0/go.mod h1:8hi/1Ctc9KGtPSZhpMRDRGULSvXpnce4htof1pH2wvI= +github.com/akamai/AkamaiOPEN-edgegrid-golang/v8 v8.4.0 h1:zZJimNqkV3o7qZqBnprKyHCqUOTzoEaabG4qB3z0E2g= +github.com/akamai/AkamaiOPEN-edgegrid-golang/v8 v8.4.0/go.mod h1:2xRRnHx8dnw0i8IZPYOI0I7xbr1gnAN1uIYo7acMIbg= github.com/allegro/bigcache/v2 v2.2.5 h1:mRc8r6GQjuJsmSKQNPsR5jQVXc8IJ1xsW5YXUYMLfqI= github.com/allegro/bigcache/v2 v2.2.5/go.mod h1:FppZsIO+IZk7gCuj5FiIDHGygD9xvWQcqg1uIPMb6tY= github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI= From 4b3d25d76db90ba7f8a8d298000cd347138663d7 Mon Sep 17 00:00:00 2001 From: Piotr Bartosik Date: Fri, 30 Aug 2024 10:21:50 +0000 Subject: [PATCH 14/17] DXE-4176 block moving property in PAPI resources --- CHANGELOG.md | 1 - .../property/resource_akamai_property.go | 5 +- .../resource_akamai_property_bootstrap.go | 4 +- ...resource_akamai_property_bootstrap_test.go | 27 ++++++++++ .../property/resource_akamai_property_test.go | 51 +++++++++++++++++++ 5 files changed, 83 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a877717d..4087cdef0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,6 @@ * PAPI * Added support for new rule format `v2024-08-13` - * Added support for moving PAPI property between groups (`akamai_property` and `akamai_property_bootstrap`) by updating the `group_id` field. * Added support for status code `429 Too Many Requests` containing `X-RateLimit-Next` header. When `X-RateLimit-Next` is present, the wait time before retry is calculated as the time difference between this header and the `Date` header. diff --git a/pkg/providers/property/resource_akamai_property.go b/pkg/providers/property/resource_akamai_property.go index c2bed21c8..068270225 100644 --- a/pkg/providers/property/resource_akamai_property.go +++ b/pkg/providers/property/resource_akamai_property.go @@ -666,6 +666,7 @@ func resourcePropertyUpdate(ctx context.Context, d *schema.ResourceData, m inter diags := diag.Diagnostics{} immutable := []string{ + "group_id", "contract_id", "product_id", "property_id", @@ -683,9 +684,9 @@ func resourcePropertyUpdate(ctx context.Context, d *schema.ResourceData, m inter } // We only update if these attributes change. - if !d.HasChanges("group_id", "hostnames", "rules", "rule_format") { + if !d.HasChanges("hostnames", "rules", "rule_format") { logger.Debug( - "No changes to group_id, hostnames, rules, or rule_format (no update required)") + "No changes to hostnames, rules, or rule_format (no update required)") return nil } diff --git a/pkg/providers/property/resource_akamai_property_bootstrap.go b/pkg/providers/property/resource_akamai_property_bootstrap.go index 87c2a204b..30707acf3 100644 --- a/pkg/providers/property/resource_akamai_property_bootstrap.go +++ b/pkg/providers/property/resource_akamai_property_bootstrap.go @@ -72,6 +72,7 @@ func (r *BootstrapResource) Schema(_ context.Context, _ resource.SchemaRequest, Description: "Group ID to be assigned to the Property", PlanModifiers: []planmodifier.String{ modifiers.StringUseStateIf(modifiers.EqualUpToPrefixFunc("grp_")), + modifiers.PreventStringUpdate(), }, }, "contract_id": schema.StringAttribute{ @@ -201,9 +202,8 @@ func (r *BootstrapResource) Read(ctx context.Context, req resource.ReadRequest, } // Update supports change for the following attributes: -// - `group_id` using a dedicated endpoint from the IAM API, // - `name`, which results in resource replacement. -// Trying to update `contract_id` or `product_id` will result in an error. +// Trying to update `group_id`, `contract_id` or `product_id` will result in an error. func (r *BootstrapResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var plan, state BootstrapResourceModel diff --git a/pkg/providers/property/resource_akamai_property_bootstrap_test.go b/pkg/providers/property/resource_akamai_property_bootstrap_test.go index c2ec19d1f..6c069770d 100644 --- a/pkg/providers/property/resource_akamai_property_bootstrap_test.go +++ b/pkg/providers/property/resource_akamai_property_bootstrap_test.go @@ -180,6 +180,7 @@ func TestBootstrapResourceUpdate(t *testing.T) { configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", configPathForUpdate: "testdata/TestResPropertyBootstrap/update_group.tf", init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + t.Skip("skipping before moving property is enabled again, see DXE-4176") ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, data.propertyID).Once() prp := &papi.Property{ @@ -257,6 +258,7 @@ func TestBootstrapResourceUpdate(t *testing.T) { configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", configPathForUpdate: "testdata/TestResPropertyBootstrap/update_name_and_group.tf", init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + t.Skip("skipping before moving property is enabled again, see DXE-4176") ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, data.propertyID).Once() prp := &papi.Property{ @@ -342,6 +344,31 @@ func TestBootstrapResourceUpdate(t *testing.T) { }, errorForUpdate: regexp.MustCompile("updating field `product_id` is not possible"), }, + "create and update group - error": { + // TODO: remove this test after moving property is enabled again, see DXE-4176 + configPathForCreate: "testdata/TestResPropertyBootstrap/create.tf", + configPathForUpdate: "testdata/TestResPropertyBootstrap/update_group.tf", + init: func(t *testing.T, papiMock *papi.Mock, iamMock *iam.Mock, data testDataForPropertyBootstrap) { + ExpectCreateProperty(papiMock, data.name, data.groupID, data.contractID, data.productID, data.propertyID) + prp := &papi.Property{ + ContractID: "ctr_2", + GroupID: "grp_1", + ProductID: "prd_3", + PropertyID: "prp_123", + PropertyName: "property_name", + } + ExpectGetProperty(papiMock, data.propertyID, data.groupID, data.contractID, prp) + ExpectRemoveProperty(papiMock, data.propertyID, data.contractID, data.groupID) + }, + mockData: testDataForPropertyBootstrap{ + propertyID: "prp_123", + name: "property_name", + groupID: "grp_1", + contractID: "ctr_2", + productID: "prd_3", + }, + errorForUpdate: regexp.MustCompile("updating field `group_id` is not possible"), + }, } for name, test := range tests { diff --git a/pkg/providers/property/resource_akamai_property_test.go b/pkg/providers/property/resource_akamai_property_test.go index 09077f696..a89e452be 100644 --- a/pkg/providers/property/resource_akamai_property_test.go +++ b/pkg/providers/property/resource_akamai_property_test.go @@ -1730,6 +1730,7 @@ func TestResProperty(t *testing.T) { } func TestGroupIDUpdate(t *testing.T) { + t.Skip("skipping before moving property is enabled again, see DXE-4176") baseData := mockPropertyData{ propertyName: "dummy_name", groupID: "grp_1", @@ -1889,6 +1890,56 @@ func TestGroupIDUpdate(t *testing.T) { } } +// TODO: remove this test after moving property is enabled again, see DXE-4176 +func TestGroupIDUpdateError(t *testing.T) { + baseData := mockPropertyData{ + propertyName: "dummy_name", + groupID: "grp_1", + contractID: "ctr_2", + productID: "prd_3", + propertyID: "prp_12345", + latestVersion: 1, + assetID: "aid_55555", + cnameFrom: "from.test.domain", + cnameTo: "to.test.domain", + } + + papiMock := &papi.Mock{} + mp := mockProperty{ + papiMock: papiMock, + mockPropertyData: baseData, + } + mockResourcePropertyCreate(&mp) + // refresh + mockResourcePropertyRead(&mp) + // second refresh + mockResourcePropertyRead(&mp) + mp.mockRemoveProperty().Once() + + useClient(papiMock, nil, func() { + resource.UnitTest(t, resource.TestCase{ + ProtoV6ProviderFactories: testutils.NewProtoV6ProviderFactory(NewSubprovider()), + Steps: []resource.TestStep{ + { + Config: testutils.LoadFixtureString(t, "testdata/TestGroupIDUpdate/base.tf"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("akamai_property.test", "name", "dummy_name"), + resource.TestCheckResourceAttr("akamai_property.test", "group_id", "grp_1"), + resource.TestCheckResourceAttr("akamai_property.test", "hostnames.0.cname_from", "from.test.domain"), + resource.TestCheckResourceAttr("akamai_property.test", "contract_id", "ctr_2"), + resource.TestCheckResourceAttr("akamai_property.test", "product_id", "prd_3"), + resource.TestCheckResourceAttr("akamai_property.test", "hostnames.0.cname_to", "to.test.domain"), + resource.TestCheckResourceAttr("akamai_property.test", "hostnames.0.cert_provisioning_type", "DEFAULT")), + }, + { + Config: testutils.LoadFixtureString(t, "testdata/TestGroupIDUpdate/update_group_id.tf"), + ExpectError: regexp.MustCompile(`property attribute "group_id" cannot be changed after creation \(immutable\)`), + }, + }, + }) + }) +} + func TestPropertyResource_versionNotesLifecycle(t *testing.T) { testdataDir := "testdata/TestResProperty/Lifecycle/versionNotes" resourceName := "akamai_property.test" From 19ab44fc54b94395b61432cf693beca28371278f Mon Sep 17 00:00:00 2001 From: Michal Wojcik Date: Tue, 3 Sep 2024 16:00:43 +0200 Subject: [PATCH 15/17] DXE-4183 Revert handle retries for 429 code with X-RateLimit-Next This reverts commit 161c2ad4c7b1ce76a72404bfd0d77b0aec01e62d. --- internal/test/test.go | 89 -------- pkg/akamai/configure_context.go | 102 ++------- pkg/akamai/configure_context_test.go | 304 --------------------------- 3 files changed, 14 insertions(+), 481 deletions(-) diff --git a/internal/test/test.go b/internal/test/test.go index f9c4191df..7c8210fbf 100644 --- a/internal/test/test.go +++ b/internal/test/test.go @@ -2,13 +2,9 @@ package test import ( - "math/rand" - "net/http" - "sync" "testing" "time" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -19,88 +15,3 @@ func NewTimeFromString(t *testing.T, s string) time.Time { require.NoError(t, err) return parsedTime } - -// XRateLimitHTTPHandler first returns status 429 with the X-RateLimit-Next header set to -// time.Now() plus a random value between 1 and 5 seconds. It keeps sending 429 until the -// X-RateLimit-Next point in time. Then it starts to return SuccessCode and SuccessBody -// indefinitely. -type XRateLimitHTTPHandler struct { - T *testing.T - SuccessCode int - SuccessBody string - - mutex sync.Mutex - availableAt time.Time - returnedCodes []int - returnTimes []time.Time -} - -func (h *XRateLimitHTTPHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request) { - av := h.AvailableAt() - - if av.IsZero() { - busyInterval := time.Duration(1+rand.Intn(4)) * time.Second - h.setAvailableAt(time.Now().Add(busyInterval)) - h.setTooManyRequests(w) - return - } - - now := time.Now() - if now.Before(av) { - h.setTooManyRequests(w) - } else { - h.setStatusCode(w, h.SuccessCode) - _, err := w.Write([]byte(h.SuccessBody)) - assert.NoError(h.T, err) - } -} - -// AvailableAt returns the point in time at which the handler stops returning status code 429 -func (h *XRateLimitHTTPHandler) AvailableAt() time.Time { - h.mutex.Lock() - defer h.mutex.Unlock() - return h.availableAt -} - -// ReturnedCodes returns a list of status codes from subsequent handler responses -func (h *XRateLimitHTTPHandler) ReturnedCodes() []int { - h.mutex.Lock() - defer h.mutex.Unlock() - res := make([]int, len(h.returnedCodes)) - copy(res, h.returnedCodes) - return res -} - -// ReturnTimes returns a list of times at which subsequent responses were written -func (h *XRateLimitHTTPHandler) ReturnTimes() []time.Time { - h.mutex.Lock() - defer h.mutex.Unlock() - res := make([]time.Time, len(h.returnTimes)) - copy(res, h.returnTimes) - return res -} - -func (h *XRateLimitHTTPHandler) setTooManyRequests(w http.ResponseWriter) { - // Do not use Add() to avoid canonicalization to X-Ratelimit-Next - nextStr := h.availableAt.Format(time.RFC3339Nano) - w.Header()["X-RateLimit-Next"] = []string{nextStr} - h.setStatusCode(w, http.StatusTooManyRequests) - body := "Your request did not succeed as this operation has reached the limit " + - "for your account. Please try after " + nextStr - _, err := w.Write([]byte(body)) - assert.NoError(h.T, err) -} - -func (h *XRateLimitHTTPHandler) setStatusCode(w http.ResponseWriter, statusCode int) { - w.WriteHeader(statusCode) - h.mutex.Lock() - defer h.mutex.Unlock() - h.returnedCodes = append(h.returnedCodes, statusCode) - h.returnTimes = append(h.returnTimes, time.Now()) -} - -func (h *XRateLimitHTTPHandler) setAvailableAt(availableAt time.Time) { - h.mutex.Lock() - defer h.mutex.Unlock() - h.availableAt = availableAt -} diff --git a/pkg/akamai/configure_context.go b/pkg/akamai/configure_context.go index dc68c220b..0dcfcf19e 100644 --- a/pkg/akamai/configure_context.go +++ b/pkg/akamai/configure_context.go @@ -16,7 +16,6 @@ import ( "github.com/akamai/terraform-provider-akamai/v6/pkg/logger" "github.com/akamai/terraform-provider-akamai/v6/pkg/meta" "github.com/akamai/terraform-provider-akamai/v6/pkg/retryablehttp" - "github.com/apex/log" "github.com/google/uuid" "github.com/spf13/cast" ) @@ -63,90 +62,6 @@ func sessionWithoutRetry(opts []session.Option) (session.Session, error) { return session.New(opts...) } -func overrideRetryPolicy(basePolicy retryablehttp.CheckRetry) retryablehttp.CheckRetry { - return func(ctx context.Context, resp *http.Response, err error) (bool, error) { - - // do not retry on context.Canceled or context.DeadlineExceeded - if ctx.Err() != nil { - return false, ctx.Err() - } - - // Retry all PAPI requests resulting status code 429 - // The backoff time is calculated in getXRateLimitBackoff - is429 := resp != nil && resp.StatusCode == http.StatusTooManyRequests - if is429 && strings.HasPrefix(resp.Request.URL.Path, "/papi/") { - return true, nil - } - - var urlErr *url.Error - if (resp != nil && resp.Request.Method == http.MethodGet) || - (resp == nil && errors.As(err, &urlErr) && strings.ToUpper(urlErr.Op) == http.MethodGet) { - - if resp != nil && resp.StatusCode == http.StatusConflict { - return true, nil - } - return basePolicy(ctx, resp, err) - } - return false, nil - } -} - -// Note that Date's resolution is seconds (e.g. Mon, 01 Jul 2024 14:32:14 GMT), -// while X-RateLimit-Next's resolution is milliseconds (2024-07-01T14:32:28.645Z). -// This may cause the wait time to be inflated by at most one second, like for the -// actual server response time around 2024-07-01T14:32:14.999Z. This is acceptable behavior -// as retry does not occur earlier than expected. -func getXRateLimitBackoff(resp *http.Response, logger log.Interface) (time.Duration, bool) { - nextHeader := resp.Header.Get("X-RateLimit-Next") - if nextHeader == "" { - return 0, false - } - next, err := time.Parse(time.RFC3339Nano, nextHeader) - if err != nil { - if logger != nil { - logger.WithError(err).Error("Could not parse X-RateLimit-Next header") - } - return 0, false - } - - dateHeader := resp.Header.Get("Date") - if dateHeader == "" { - if logger != nil { - logger.Warnf("No Date header for X-RateLimit-Next: %s", nextHeader) - } - return 0, false - } - date, err := time.Parse(time.RFC1123, dateHeader) - if err != nil { - if logger != nil { - logger.WithError(err).Error("Could not parse Date header") - } - return 0, false - } - - // Next in the past does not make sense - if next.Before(date) { - if logger != nil { - logger.Warnf("X-RateLimit-Next: %s before Date: %s", nextHeader, dateHeader) - } - return 0, false - } - return next.Sub(date), true -} - -func overrideBackoff(baseBackoff retryablehttp.Backoff, logger log.Interface) retryablehttp.Backoff { - return func(min, max time.Duration, attemptNum int, resp *http.Response) time.Duration { - if resp != nil { - if resp.StatusCode == http.StatusTooManyRequests { - if wait, ok := getXRateLimitBackoff(resp, logger); ok { - return wait - } - } - } - return baseBackoff(min, max, attemptNum, resp) - } -} - func sessionWithRetry(cfg contextConfig, opts []session.Option) (session.Session, error) { if cfg.retryMax == 0 { cfg.retryMax = 10 @@ -182,9 +97,20 @@ func sessionWithRetry(cfg contextConfig, opts []session.Option) (session.Session return sess.Sign(req) } - retryClient.CheckRetry = overrideRetryPolicy(retryablehttp.DefaultRetryPolicy) - - retryClient.Backoff = overrideBackoff(retryablehttp.DefaultBackoff, sess.Log(cfg.ctx)) + retryClient.CheckRetry = func(ctx context.Context, resp *http.Response, err error) (bool, error) { + var urlErr *url.Error + if (resp != nil && resp.Request.Method == http.MethodGet) || + (resp == nil && errors.As(err, &urlErr) && strings.ToUpper(urlErr.Op) == http.MethodGet) { + if ctx.Err() != nil { + return false, ctx.Err() + } + if resp != nil && resp.StatusCode == http.StatusConflict { + return true, nil + } + return retryablehttp.DefaultRetryPolicy(ctx, resp, err) + } + return false, nil + } return sess, nil } diff --git a/pkg/akamai/configure_context_test.go b/pkg/akamai/configure_context_test.go index 19210cc32..2d318a0f9 100644 --- a/pkg/akamai/configure_context_test.go +++ b/pkg/akamai/configure_context_test.go @@ -1,24 +1,10 @@ package akamai import ( - "context" - "crypto/tls" - "crypto/x509" - "errors" - "net/http" - "net/http/httptest" - "net/url" - "strings" "testing" "time" - "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/edgegrid" - "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/papi" - "github.com/akamai/AkamaiOPEN-edgegrid-golang/v8/pkg/session" - "github.com/akamai/terraform-provider-akamai/v6/internal/test" - "github.com/akamai/terraform-provider-akamai/v6/pkg/retryablehttp" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func Test_validateRetryConfiguration(t *testing.T) { @@ -115,293 +101,3 @@ func Test_validateRetryConfiguration(t *testing.T) { }) } } - -func newRequest(t *testing.T, method, url string) *http.Request { - r, err := http.NewRequest(method, url, nil) - assert.NoError(t, err) - return r -} - -func TestOverrideRetryPolicy(t *testing.T) { - basePolicy := func(ctx context.Context, resp *http.Response, err error) (bool, error) { - return false, errors.New("base policy: dummy, not implemented") - } - policy := overrideRetryPolicy(basePolicy) - - tests := map[string]struct { - ctx context.Context - resp *http.Response - err error - expectedResult bool - expectedError string - }{ - "should retry for PAPI GET with status 429": { - ctx: context.Background(), - resp: &http.Response{ - Request: newRequest(t, http.MethodGet, "/papi/v1/sth"), - StatusCode: http.StatusTooManyRequests, - }, - expectedResult: true, - }, - "should retry for PAPI POST with status 429": { - ctx: context.Background(), - resp: &http.Response{ - Request: newRequest(t, http.MethodPost, "/papi/v1/sth"), - StatusCode: http.StatusTooManyRequests, - }, - expectedResult: true, - }, - "should not retry for PAPI POST with other 4xx status": { - ctx: context.Background(), - resp: &http.Response{ - Request: newRequest(t, http.MethodPost, "/papi/v1/sth"), - StatusCode: http.StatusBadRequest, - }, - expectedResult: false, - }, - "should retry for GET with status 409 conflict": { - ctx: context.Background(), - resp: &http.Response{ - Request: &http.Request{Method: http.MethodGet}, - StatusCode: http.StatusConflict, - }, - expectedResult: true, - }, - "should call base policy for other GETs": { - ctx: context.Background(), - resp: &http.Response{Request: &http.Request{Method: http.MethodGet}}, - expectedError: "base policy: dummy, not implemented", - }, - "should forward context error when present": { - ctx: func() context.Context { - ctx, cancel := context.WithCancel(context.Background()) - cancel() - return ctx - }(), - resp: &http.Response{Request: &http.Request{Method: http.MethodGet}}, - expectedError: "context canceled", - }, - "should not retry for POST": { - ctx: context.Background(), - resp: &http.Response{Request: &http.Request{Method: http.MethodPost}}, - expectedResult: false, - }, - "should not retry for PUT": { - ctx: context.Background(), - resp: &http.Response{Request: &http.Request{Method: http.MethodPut}}, - expectedResult: false, - }, - "should not retry for PATCH": { - ctx: context.Background(), - resp: &http.Response{Request: &http.Request{Method: http.MethodPatch}}, - expectedResult: false, - }, - "should not retry for HEAD": { - ctx: context.Background(), - resp: &http.Response{Request: &http.Request{Method: http.MethodHead}}, - expectedResult: false, - }, - "should not retry for DELETE": { - ctx: context.Background(), - resp: &http.Response{Request: &http.Request{Method: http.MethodDelete}}, - expectedResult: false, - }, - } - for name, tst := range tests { - t.Run(name, func(t *testing.T) { - shouldRetry, err := policy(tst.ctx, tst.resp, tst.err) - if len(tst.expectedError) > 0 { - assert.ErrorContains(t, err, tst.expectedError) - } else { - assert.NoError(t, err) - assert.Equal(t, tst.expectedResult, shouldRetry) - } - }) - } -} - -func stat429ResponseWaiting(wait time.Duration) *http.Response { - res := http.Response{ - StatusCode: http.StatusTooManyRequests, - Header: http.Header{}, - } - - now := time.Now().UTC().Round(time.Second) - date := strings.Replace(now.Format(time.RFC1123), "UTC", "GMT", 1) - res.Header.Add("Date", date) - if wait != 0 { - // Add: allow to canonicalize to X-Ratelimit-Next or the header won't be recognized - res.Header.Add("X-RateLimit-Next", now.Add(wait).Format(time.RFC3339Nano)) - } - return &res -} - -func Test_overrideBackoff(t *testing.T) { - baseWait := time.Duration(24) * time.Hour - baseBackoff := func(min, max time.Duration, attemptNum int, resp *http.Response) time.Duration { - return baseWait - } - backoff := overrideBackoff(baseBackoff, nil) - - tests := map[string]struct { - resp *http.Response - expectedResult time.Duration - }{ - "correctly calculates backoff from X-RateLimit-Next": { - resp: stat429ResponseWaiting(time.Duration(5729) * time.Millisecond), - expectedResult: time.Duration(5729) * time.Millisecond, - }, - "falls back for next in the past": { - resp: stat429ResponseWaiting(-time.Duration(5729) * time.Millisecond), - expectedResult: baseWait, - }, - "falls back for no X-RateLimit-Next header": { - resp: stat429ResponseWaiting(0), - expectedResult: baseWait, - }, - "falls back for invalid X-RateLimit-Next header": { - resp: func() *http.Response { - r := stat429ResponseWaiting(time.Duration(5729) * time.Millisecond) - r.Header.Set("X-RateLimit-Next", "2024-07-01T14:32:28.645???") - return r - }(), - expectedResult: baseWait, - }, - "falls back for no Date header": { - resp: func() *http.Response { - r := stat429ResponseWaiting(time.Duration(5729) * time.Millisecond) - r.Header.Del("Date") - return r - }(), - expectedResult: baseWait, - }, - "falls back for invalid Date header": { - resp: func() *http.Response { - r := stat429ResponseWaiting(time.Duration(5729) * time.Millisecond) - r.Header.Set("Date", "Mon, 01 Jul 2024 99:99:99 GMT") - return r - }(), - expectedResult: baseWait, - }, - } - for name, tst := range tests { - t.Run(name, func(t *testing.T) { - wait := backoff(1, 30, 1, tst.resp) - assert.Equal(t, tst.expectedResult, wait) - }) - } -} - -func mockSession(t *testing.T, mockServer *httptest.Server) session.Session { - serverURL, err := url.Parse(mockServer.URL) - require.NoError(t, err) - config := edgegrid.Config{Host: serverURL.Host} - - meta, err := configureContext(contextConfig{ - edgegridConfig: &config, - ctx: context.Background(), - }) - assert.NoError(t, err) - - certPool := x509.NewCertPool() - certPool.AddCert(mockServer.Certificate()) - rt := meta.Session().Client().Transport.(*retryablehttp.RoundTripper) - transport := rt.Client.HTTPClient.Transport.(*http.Transport) - transport.TLSClientConfig = &tls.Config{ - RootCAs: certPool, - } - - return meta.Session() -} - -func TestXRateLimitGet(t *testing.T) { - xrlHandler := test.XRateLimitHTTPHandler{ - T: t, - SuccessCode: http.StatusOK, - SuccessBody: ` - { - "properties": { - "items": [ - { - "accountId": "dummy_account_id", - "contractId": "ctr_test1", - "groupId": "grp_test1", - "propertyId": "prp_test1", - "propertyName": "my_property", - "latestVersion": 1, - "stagingVersion": null, - "productionVersion": null, - "assetId": "12345678" - } - ] - } - }`, - } - - mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - assert.Equal(t, "/papi/v1/properties/prp_test1?contractId=ctr_test1&groupId=grp_test1", r.URL.String()) - assert.Equal(t, http.MethodGet, r.Method) - xrlHandler.ServeHTTP(w, r) - })) - defer mockServer.Close() - - client := papi.Client(mockSession(t, mockServer)) - result, err := client.GetProperty(context.Background(), papi.GetPropertyRequest{ - ContractID: "ctr_test1", - GroupID: "grp_test1", - PropertyID: "prp_test1", - }) - require.NoError(t, err) - assert.Equal(t, "my_property", result.Property.PropertyName) - // We expect exactly two requests to the server: - // - the first resulting in code 429 - // - the second after a proper backoff, resulting in status 200 - assert.Equal(t, []int{http.StatusTooManyRequests, http.StatusOK}, xrlHandler.ReturnedCodes()) - assert.Less(t, - xrlHandler.ReturnTimes()[1], - xrlHandler.AvailableAt().Add(time.Duration(time.Millisecond)*1100)) -} - -func TestXRateLimitPost(t *testing.T) { - xrlHandler := test.XRateLimitHTTPHandler{ - T: t, - SuccessCode: http.StatusCreated, - SuccessBody: ` - { - "activationLink": "/papi/v1/properties/prp_12345/activations/dummy_activation?contractId=ctr_test1&groupId=grp_test1" - }`, - } - - mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - assert.Equal(t, "/papi/v1/properties/prp_12345/activations?contractId=ctr_test1&groupId=grp_test1", r.URL.String()) - assert.Equal(t, http.MethodPost, r.Method) - xrlHandler.ServeHTTP(w, r) - })) - defer mockServer.Close() - - client := papi.Client(mockSession(t, mockServer)) - result, err := client.CreateActivation(context.Background(), papi.CreateActivationRequest{ - PropertyID: "prp_12345", - ContractID: "ctr_test1", - GroupID: "grp_test1", - Activation: papi.Activation{ - PropertyVersion: 1, - Network: papi.ActivationNetworkStaging, - UseFastFallback: false, - NotifyEmails: []string{ - "you@example.com", - "them@example.com", - }, - AcknowledgeWarnings: []string{"foobarbaz"}, - }, - }) - require.NoError(t, err) - assert.Equal(t, "dummy_activation", result.ActivationID) - // We expect exactly two requests to the server: - // - the first resulting in code 429 - // - the second after a proper backoff, resulting in status 201 - assert.Equal(t, []int{http.StatusTooManyRequests, http.StatusCreated}, xrlHandler.ReturnedCodes()) - assert.Less(t, - xrlHandler.ReturnTimes()[1], - xrlHandler.AvailableAt().Add(time.Duration(time.Millisecond)*1100)) -} From 06f94eecbc4feaef943ba516c5416b174dfd54bf Mon Sep 17 00:00:00 2001 From: Michal Wojcik Date: Tue, 3 Sep 2024 16:05:54 +0200 Subject: [PATCH 16/17] DXE-4183 Revert handle retries for 429 code with X-RateLimit-Next --- CHANGELOG.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4087cdef0..5c90f3327 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,9 +15,6 @@ * PAPI * Added support for new rule format `v2024-08-13` - * Added support for status code `429 Too Many Requests` containing `X-RateLimit-Next` header. - When `X-RateLimit-Next` is present, the wait time before retry is calculated as the time - difference between this header and the `Date` header. #### BUG FIXES: From 6aa3a8f7b35fbe530dc86b1f0d56008c827819e8 Mon Sep 17 00:00:00 2001 From: "Zagrajczuk, Wojciech" Date: Wed, 4 Sep 2024 09:58:32 +0200 Subject: [PATCH 17/17] DXE-3940 Update release date --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c90f3327..bff0d5aa0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # RELEASE NOTES -## 6.4.0 (Aug 29, 2024) +## 6.4.0 (Sep 04, 2024) #### FEATURES/ENHANCEMENTS: