» oci_load_balancer_rule_set

This resource provides the Rule Set resource in Oracle Cloud Infrastructure Load Balancer service.

Creates a new rule set associated with the specified load balancer. For more information, see Managing Rule Sets.

» Example Usage

resource "oci_load_balancer_rule_set" "test_rule_set" {
    #Required
    items {
        #Required
        action = "${var.rule_set_items_action}"

        #Optional
        allowed_methods = "${var.rule_set_items_allowed_methods}"
        conditions {
            #Required
            attribute_name = "${var.rule_set_items_conditions_attribute_name}"
            attribute_value = "${var.rule_set_items_conditions_attribute_value}"
        }
        description = "${var.rule_set_items_description}"
        header = "${var.rule_set_items_header}"
        prefix = "${var.rule_set_items_prefix}"
        status_code = "${var.rule_set_items_status_code}"
        suffix = "${var.rule_set_items_suffix}"
        value = "${var.rule_set_items_value}"
    }
    load_balancer_id = "${oci_load_balancer_load_balancer.test_load_balancer.id}"
    name = "${var.rule_set_name}"
}

» Argument Reference

The following arguments are supported:

  • items - (Required) (Updatable) An array of rules that compose the rule set.

    • action - (Required) (Updatable) The action can be one of these values: ADD_HTTP_REQUEST_HEADER, ADD_HTTP_RESPONSE_HEADER, ALLOW, CONTROL_ACCESS_USING_HTTP_METHODS, EXTEND_HTTP_REQUEST_HEADER_VALUE, EXTEND_HTTP_RESPONSE_HEADER_VALUE, REMOVE_HTTP_REQUEST_HEADER, REMOVE_HTTP_RESPONSE_HEADER.
    • allowed_methods - (Required when action=CONTROL_ACCESS_USING_HTTP_METHODS) (Updatable) The list of HTTP methods allowed for this listener.

      By default, you can specify only the standard HTTP methods defined in the HTTP Method Registry. You can also see a list of supported standard HTTP methods in the Load Balancing service documentation at Managing Rule Sets.

      Your backend application must be able to handle the methods specified in this list.

      The list of HTTP methods is extensible. If you need to configure custom HTTP methods, contact My Oracle Support to remove the restriction for your tenancy.

      Example: ["GET", "PUT", "POST", "PROPFIND"]

    • conditions - (Required when action=ALLOW) (Updatable)

      • attribute_name - (Required) (Updatable) The attribute_name can be one of these values: SOURCE_IP_ADDRESS, SOURCE_VCN_ID, SOURCE_VCN_IP_ADDRESS
      • attribute_value - (Required) (Updatable) Depends on attribute_name:
        • when attribute_name = SOURCE_IP_ADDRESS: the IPv4 or IPv6 address range against which the source IP address of the incoming packet is matched
        • when attribute_name = SOURCE_VCN_IP_ADDRESS: the IPv4 address range against which the original client IP address (in the customer VCN) of the incoming packet is matched
        • when attribute_name = SOURCE_VCN_ID: the OCID of the customer VCN against which the VCN ID embedded by the service gateway in the incoming packet is matched
    • description - (Applicable when action=ALLOW) (Updatable) A brief description of the access control rule. Avoid entering confidential information.

      Example: 192.168.0.0/16 and 2001:db8::/32 are trusted clients. Whitelist them.

    • header - (Required when action=ADD_HTTP_REQUEST_HEADER | ADD_HTTP_RESPONSE_HEADER | EXTEND_HTTP_REQUEST_HEADER_VALUE | EXTEND_HTTP_RESPONSE_HEADER_VALUE | REMOVE_HTTP_REQUEST_HEADER | REMOVE_HTTP_RESPONSE_HEADER) (Updatable) A header name that conforms to RFC 7230. Example: example_header_name

    • prefix - (Applicable when action=EXTEND_HTTP_REQUEST_HEADER_VALUE | EXTEND_HTTP_RESPONSE_HEADER_VALUE) (Updatable) A string to prepend to the header value. The resulting header value must still conform to RFC 7230. Example: example_prefix_value

    • status_code - (Applicable when action=CONTROL_ACCESS_USING_HTTP_METHODS) (Updatable) The HTTP status code to return when the requested HTTP method is not in the list of allowed methods. The associated status line returned with the code is mapped from the standard HTTP specification. The default value is 405 (Method Not Allowed). Example: 403

    • suffix - (Applicable when action=EXTEND_HTTP_REQUEST_HEADER_VALUE | EXTEND_HTTP_RESPONSE_HEADER_VALUE) (Updatable) A string to append to the header value. The resulting header value must still conform to RFC 7230. Example: example_suffix_value

    • value - (Required when action=ADD_HTTP_REQUEST_HEADER | ADD_HTTP_RESPONSE_HEADER) (Updatable) A header value that conforms to RFC 7230. Example: example_value

  • load_balancer_id - (Required) The OCID of the specified load balancer.

  • name - (Required) The name for this set of rules. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_rule_set

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.
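
The argument reference above ties each optional argument to specific actions, so a working rule set uses one items block per rule and sets only the arguments that apply to that rule's action. The following configuration is an added example, not part of the provider documentation; the resource label hardened_rule_set, the header names and all literal values are constructed for illustration.

```hcl
# Added example; resource label and all literal values are constructed.
resource "oci_load_balancer_rule_set" "hardened_rule_set" {
    load_balancer_id = "${oci_load_balancer_load_balancer.test_load_balancer.id}"
    name             = "example_rule_set"

    # ALLOW uses conditions and, optionally, description.
    items {
        action      = "ALLOW"
        description = "Clients in 192.168.0.0/16"
        conditions {
            attribute_name  = "SOURCE_IP_ADDRESS"
            attribute_value = "192.168.0.0/16"
        }
    }

    # Method control: allowed_methods is required; status_code replaces
    # the default 405 returned for methods outside the list.
    items {
        action          = "CONTROL_ACCESS_USING_HTTP_METHODS"
        allowed_methods = ["GET", "HEAD", "POST"]
        status_code     = 403
    }

    # ADD_* actions require both header and value.
    items {
        action = "ADD_HTTP_RESPONSE_HEADER"
        header = "X-Content-Type-Options"
        value  = "nosniff"
    }

    # REMOVE_* actions require only header.
    items {
        action = "REMOVE_HTTP_RESPONSE_HEADER"
        header = "X-Powered-By"
    }

    # EXTEND_* actions require header; prefix and suffix are the
    # strings placed before and after the existing header value.
    items {
        action = "EXTEND_HTTP_REQUEST_HEADER_VALUE"
        header = "example_header_name"
        suffix = "example_suffix_value"
    }
}
```

A rule set has no effect until a listener on the same load balancer references it by name; in this provider that is the rule_set_names argument of oci_load_balancer_listener.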

» Attributes Reference

The following attributes are exported:

  • items - An array of rules that compose the rule set.

    • action - The action can be one of these values: ADD_HTTP_REQUEST_HEADER, ADD_HTTP_RESPONSE_HEADER, ALLOW, CONTROL_ACCESS_USING_HTTP_METHODS, EXTEND_HTTP_REQUEST_HEADER_VALUE, EXTEND_HTTP_RESPONSE_HEADER_VALUE, REMOVE_HTTP_REQUEST_HEADER, REMOVE_HTTP_RESPONSE_HEADER.
    • allowed_methods - The list of HTTP methods allowed for this listener.

      By default, you can specify only the standard HTTP methods defined in the HTTP Method Registry. You can also see a list of supported standard HTTP methods in the Load Balancing service documentation at Managing Rule Sets.

      Your backend application must be able to handle the methods specified in this list.

      The list of HTTP methods is extensible. If you need to configure custom HTTP methods, contact My Oracle Support to remove the restriction for your tenancy.

      Example: ["GET", "PUT", "POST", "PROPFIND"]

    • conditions -

      • attribute_name - (Required) (Updatable) The attribute_name can be one of these values: SOURCE_IP_ADDRESS, SOURCE_VCN_ID, SOURCE_VCN_IP_ADDRESS
      • attribute_value - (Required) (Updatable) Depends on attribute_name:
        • when attribute_name = SOURCE_IP_ADDRESS: the IPv4 or IPv6 address range against which the source IP address of the incoming packet is matched
        • when attribute_name = SOURCE_VCN_IP_ADDRESS: the IPv4 address range against which the original client IP address (in the customer VCN) of the incoming packet is matched
        • when attribute_name = SOURCE_VCN_ID: the OCID of the customer VCN against which the VCN ID embedded by the service gateway in the incoming packet is matched
    • description - A brief description of the access control rule. Avoid entering confidential information.

      Example: 192.168.0.0/16 and 2001:db8::/32 are trusted clients. Whitelist them.

    • header - A header name that conforms to RFC 7230. Example: example_header_name

    • prefix - A string to prepend to the header value. The resulting header value must still conform to RFC 7230. Example: example_prefix_value

    • status_code - The HTTP status code to return when the requested HTTP method is not in the list of allowed methods. The associated status line returned with the code is mapped from the standard HTTP specification. The default value is 405 (Method Not Allowed). Example: 403

    • suffix - A string to append to the header value. The resulting header value must still conform to RFC 7230. Example: example_suffix_value

    • value - A header value that conforms to RFC 7230. Example: example_value

  • name - The name for this set of rules. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_rule_set

» Import

RuleSets can be imported using the id, e.g.

$ terraform import oci_load_balancer_rule_set.test_rule_set "loadBalancers/{loadBalancerId}/ruleSets/{ruleSetName}"