{
"additionalProperties": false,
"description": "Virtual server acts as a facade to an application, receives all client connections over a specified protocol and distributes them among the backend servers. This custom type allows for more complex settings than the simplified PolicyLbVirtualServer types. This object allows for complex configurations for PolicyLbVirtualServers of all types. All HTTP specific inputs will be rejected when combined with TPC or UDP protocols.",
"extends": {
"$ref": "HttpPolicyLbVirtualServer
},
"id": "CustomPolicyLbVirtualServer",
"module_id": "TempPolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "CustomPolicyLbVirtualServer"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"access_log_enabled": {
"default": false,
"description": "If access log is enabled, all HTTP requests sent to an L7 virtual server are logged to the access log file. Both successful requests (backend server returns 2xx) and unsuccessful requests (backend server returns 4xx or 5xx) are logged to access log, if enabled.",
"required": false,
"title": "Access log enabled setting",
"type": "boolean"
},
"app_protocol": {
"description": "As the custom type allows for more complex settings than the simplified PolicyLbVirtualServer types, also specify the desired protocol for receiving all client connections.",
"enum": [
"TCP",
"UDP",
"HTTP",
"HTTPS"
],
"required": true,
"title": "Application protocol for receiving client connections",
"type": "string"
},
"children": {
"description": "subtree for this type within policy tree containing nested elements.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "subtree for this type within policy tree",
"type": "array"
},
"client_ssl_certificate_ids": {
"description": "Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. The setting is used when load balancer acts as an SSL server and terminating the client SSL connection",
"items": {
"type": "string"
},
"required": false,
"title": "ssl certificates",
"type": "array"
},
"client_ssl_settings": {
"default": "HIGH_SECURE_111317",
"description": "Security settings representing various security settings when the VirtualServer acts as an SSL server - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317",
"enum": [
"BASE_SECURE_111317",
"MODERATE_SECURE_111317",
"HIGH_SECURE_111317"
],
"required": false,
"title": "Security profile setting",
"type": "string"
},
"default_client_ssl_certificate_id": {
"description": "The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension.",
"required": false,
"title": "ssl certificate",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"insert_client_ip_header": {
"default": false,
"description": "Backend web servers typically log each request they handle along with the requesting client IP address. These logs are used for debugging, analytics and other such purposes. If the deployment topology requires enabling SNAT on the load balancer, then server will see the client as the SNAT IP which defeats the purpose of logging. To work around this issue, load balancer can be configured to insert XFF HTTP header with the original client IP address. Backend servers can then be configured to log the IP address in XFF header instead of the source IP address of the connection. If XFF header is not present in the incoming request, load balancer inserts a new XFF header with the client IP address.",
"required": false,
"title": "Relative path of this object",
"type": "boolean"
},
"ip_address": {
"$ref": "IPAddress,
"description": "Configures the IP address of the PolicyLbVirtualServer where it receives all client connections and distributes them among the backend servers.",
"required": true,
"title": "IP address of the PolicyLbVirtualServer"
},
"lb_persistence_profile": {
"description": "Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default.",
"required": false,
"title": "Persistence Profile used by PolicyLbVirtualServer",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"ports": {
"description": "Ports contains a list of at least one port or port range such as \"80\", \"1234-1236\". Each port element in the list should be a single port or a single port range.",
"items": {
"$ref": "PortElement
},
"required": true,
"title": "Virtual server port number(s) or port range(s)",
"type": "array"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"resource_type": {
"enum": [
"TcpPolicyLbVirtualServer",
"UdpPolicyLbVirtualServer",
"HttpPolicyLbVirtualServer",
"HttpsPolicyLbVirtualServer",
"CustomPolicyLbVirtualServer"
],
"required": true,
"type": "string"
},
"router_path": {
"description": "Path to router type object that PolicyLbVirtualServer connects to. The only supported router object is Network.",
"required": true,
"title": "Path to router type object for PolicyLbVirtualServer",
"type": "string"
},
"server_auth_ca_certificate_ids": {
"description": "To support client authentication (load balancer acting as a client authenticating to the backend server), server_ssl_certificate_id can be specified. When supplied, the backend server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP.",
"items": {
"type": "string"
},
"required": false,
"title": "ssl certificate",
"type": "array"
},
"server_ssl_settings": {
"default": "DISABLED",
"description": "Indicates whether to enable server side SSL. Server side SSL will be enabled when a specific security setting is selected. The selected security setting or profile represents various configurations related to SSL when the VirtualServer acts as a client connecting over SSL to the backend server. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 - DISABLED",
"enum": [
"BASE_SECURE_111317",
"MODERATE_SECURE_111317",
"HIGH_SECURE_111317",
"DISABLED"
],
"required": false,
"title": "Security profile setting",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"traffic_source": {
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "PolicyLbVirtualServer handling connections over HTTP or HTTPS",
"type": "object"
}