/
configuration.go
4370 lines (3539 loc) · 315 KB
/
configuration.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
package hwapi
import (
"encoding/json"
"fmt"
"reflect"
"strconv"
)
// AccessLogger Configure settings relevant to the global settings that AccessLogger uses when storing access logs, origin pull logs, and receipt logs.
// AllowedScope PRODUCT
// DefaultPolicy {"uploadToHCS":true,"enableCompression":true}
type AccessLogger struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// EnableCompression Enable gzip compression of access logs for this customer.
EnableCompression *bool `json:"enableCompression," default:"1" role:"HWADMIN" writeonly:""`
// UploadToHCS Upload access logs for this customer directly to Highwinds Cloud Storage
UploadToHCS *bool `json:"uploadToHCS," default:"1" role:"HWADMIN" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
// ExpireTimeHCS Time in seconds that an accesslog is allowed to live before it is expired from HCS
ExpireTimeHCS uint32 `json:"expireTimeHCS,omitempty" default:"3888000" role:"HWADMIN" writeonly:""`
// ExpireTimeLocal Time in seconds that an accesslog is allowed to live before it is expired from the accesslogger local storage
// NOTE: This is used by SysEng's script to purge old access log files and the default value is subjected to change
ExpireTimeLocal uint32 `json:"expireTimeLocal,omitempty" default:"3888000" role:"HWADMIN" writeonly:""`
}
// AccessLogs Configure settings relevant to Access Logs.
// AllowedScope DIR
// DefaultPolicy {"enabled":false}
type AccessLogs struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled <p>Enable flag for this configuration type.</p>
Enabled *bool `json:"enabled," default:"false" role:"normal" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
}
// AccessLogIPObfuscation Enable/Disable IP address obfuscation in access logs for GDPR compliance.
// AllowedScope DIR
// DefaultPolicy {"enabled":true}
type AccessLogIPObfuscation struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Enable IP address obfuscation of access logs for this customer. Complies with GDPR and obfuscates IPv4 addresses using /24 and IPv6 addresses using /96 bitmasks.
// WARNING: DO NOT TURN THIS OFF UNLESS WE GOT A CLEAR FROM LEGAL AND SECURITY TEAM
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
}
// AccessLogsConfig Configure settings relevant to Access Log Settings.
// AllowedScope DIR
// DefaultPolicy null
type AccessLogsConfig struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// ExtraLogFields <p>Comma delimited list of HTTP header fields to append to the standard fields in the access log. Each field must have the 'sc:' (server-to-client) or 'cs:' (client-to-server) prefix.</p>
// <p>Example: cs:Cookie, sc:x-custom-header</p>
ExtraLogFields string `json:"extraLogFields,omitempty" default:"" role:"normal" writeonly:"" list:"string"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
}
// HostnameReporting Controls analytics and billing reporting by each unique hostname that maps to your site.
// AllowedScope PRODUCT
// DefaultPolicy {"enabled":false}
type HostnameReporting struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Enables reporting by hostname on a site.
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
}
// NrtReporting Near Real Time File Traffic Reporting
// AllowedScope PRODUCT
// DefaultPolicy null
type NrtReporting struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// ReportVHost Enable realtime reporting by hostname.
ReportVHost *bool `json:"reportVHost,omitempty" default:"false" role:"HWADMIN" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
}
// OriginPullLogs Configure settings relevant to Origin Pull Logs.
// AllowedScope DIR
// DefaultPolicy {"enabled":false}
type OriginPullLogs struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled <p>Enable flag for this configuration type.</p>
Enabled *bool `json:"enabled," default:"false" role:"normal" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
}
// OriginPullLogsConfig Configure settings relevant to Origin Pull Log Settings.
// AllowedScope DIR
// DefaultPolicy null
type OriginPullLogsConfig struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// ExtraLogFields Comma delimited list of HTTP header fields to append to the standard fields in the origin pull log. Each field must have the 'sc:' (server-to-client) or 'cs:' (client-to-server) prefix.
// <p>Example: cs:Cookie,sc:x-custom-header</p>
ExtraLogFields string `json:"extraLogFields,omitempty" default:"" role:"normal" writeonly:"" list:"string"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
}
// ReceiptLogs Configure settings relevant to receipt logs.
// AllowedScope DIR
// DefaultPolicy {"enabled":false}
type ReceiptLogs struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Enables receipt logs at the edge.
Enabled *bool `json:"enabled," default:"false" role:"HWADMIN" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
}
// ReceiptLogsConfig Configure settings relevant to Receipt Log Settings.
// AllowedScope DIR
// DefaultPolicy null
type ReceiptLogsConfig struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// ExtraLogFields <p>Comma delimited list of HTTP header fields to append to the standard fields in the receipt access logs. Each field must have the 'sc:' (server-to-client) or 'cs:' (client-to-server) prefix.</p>
// <p>Example: cs:Cookie, sc:x-custom-header</p>
ExtraLogFields string `json:"extraLogFields,omitempty" default:"" role:"normal" writeonly:"" list:"string"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
}
// RequestReceipt Delivery Receipts
// AllowedScope DIR
// DefaultPolicy null
type RequestReceipt struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// UriFormat The Full GET URL for delivery receipts. The URL entered in this field must specify the protocol, host (port is optional), and path. Query string parameters are required UNLESS a requestReceipt/headers policy is defined. Query string parameters are in the following format: <name>=<value> (note the equal sign) where <name> is any HTTP legal query parameter name and <value> is either a CDN Variable or static literal.
URIFormat string `json:"uriFormat," default:"" role:"HWADMIN" writeonly:""`
// VerifyCertificate Enable Cert Verification while doing SSL connection to Receipt Origin
VerifyCertificate *bool `json:"verifyCertificate," default:"1" role:"HWADMIN" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// AddIdToAccessLog The add receipt identifier to access logs setting allows you to track delivery receipts in your access logs. By enabling this, the CDN caching servers will add the X-HW-Receipt Header to each receipt's corresponding Client Request Access Log entry. This is not referring to the Receipt Access Log entry. If this feature is enabled, the customer must have access logging enabled (see the Customer conf type).
AddIDToAccessLog *bool `json:"addIdToAccessLog,omitempty" default:"false" role:"HWADMIN" writeonly:""`
// ClientResponseCodeFilter
ClientResponseCodeFilter string `json:"clientResponseCodeFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// ClientResponseHeaderFilter
ClientResponseHeaderFilter string `json:"clientResponseHeaderFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Headers A pipe delimited list of strings describing HTTP header fields to insert into the delivery receipt. Each string should be in the form of a legal HTTP header with the following format: <name>: <value> (note the colon) where <name> is any HTTP legal header name and <value> is either a CDN Variable or static literal.
Headers string `json:"headers,omitempty" default:"" role:"HWADMIN" writeonly:"" list:"string"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
// CertificateCN Verify Origin Certificate's Common Name with Host specified in this policy. Hardcoded string (www.foo.com) or variable %origin.request.host% - Host header we send to Receipt Origin. If empty or not defined than CDN will skip CN Verification.
CertificateCN string `json:"certificateCN,omitempty" default:"" role:"HWADMIN" writeonly:""`
// MaxAge The receipt backlog TTL is the maximum age of a pending receipt. Receipts older than the specified amount are dropped. A value of zero indicates that the receipt does not expire and to only try delivering the receipt one time unless MaxRetry is defined.
MaxAge uint32 `json:"maxAge,omitempty" default:"0" role:"HWADMIN" writeonly:""`
// MaxRetry The retry count is the maximum number of times to retry the delivery of a single receipt before discarding it. This count is in addition to the initial delivery attempt. For example, a value of 3 means that a delivery edge will try to deliver a receipt up to 4 times. NOTE: if a MaxAge is also defined, then a receipt will be discarded if it expires before the maximum number of retries has been reached.
MaxRetry uint32 `json:"maxRetry,omitempty" default:"0" role:"HWADMIN" writeonly:""`
}
// RequestReceiptReportPercentage The delivery receipts report percentage policy allows you to configure the percentage of requests to provide delivery confirmation receipts.
// AllowedScope PRODUCT
// DefaultPolicy {"dedupReportPercentage":100,"cacheHitReportPercentage":100,"originPullReportPercentage":100}
type RequestReceiptReportPercentage struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// DedupReportPercentage Percentage of OriginPull dedup queue request to report to the receipt server.
DedupReportPercentage uint16 `json:"dedupReportPercentage,omitempty" default:"100" role:"HWADMIN" writeonly:"" range:"0,100"`
// OriginPullReportPercentage Percentage of OriginPull request to report to the receipt server.
OriginPullReportPercentage uint16 `json:"originPullReportPercentage,omitempty" default:"100" role:"HWADMIN" writeonly:"" range:"0,100"`
// CacheHitReportPercentage Percentage of cache hit request to report to the receipt server.
CacheHitReportPercentage uint16 `json:"cacheHitReportPercentage,omitempty" default:"100" role:"HWADMIN" writeonly:"" range:"0,100"`
}
// AwsSignedS3PostV4 Defines how to pre/sign post requests to be made by the CDN to an AWS origin.
// Note, even though this policy is groupable, if more than one policy is defined, only one policy will ever be applied.
// The CDN iterates over each policy until it finds the first match or applicable policy based on scope and/or filter.
// The CDN does not failover or attempt other policies if the chosen one failed. The Groupability was added with the
// primary intent to provide flexibilty when needing to define different AccessKeyId/SecretAccessKey combinations, such
// as using a popFilter to use one AccessKeyId/SecretAccessKey pair for a particular AWSRegion and another AccessKeyId/SecretAccessKey
// pair for a different AWSRegion. Likewise, the site may only use one AccessKeyId/SecretAccessKey across multiple AWSRegions.
// AllowedScope DIR
// DefaultPolicy null
type AwsSignedS3PostV4 struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// SecretAccessKey Shared secret key assigned to the AccessKeyID.
SecretAccessKey string `json:"secretAccessKey," default:"" role:"normal" writeonly:"" advancedType:"PASSWORD"`
// Enabled Set to true to enable policy.
Enabled *bool `json:"enabled," default:"false" role:"normal" writeonly:""`
// AwsRegion AWS region scope the access key.
// see: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
AwsRegion string `json:"awsRegion," default:"" role:"normal" writeonly:""`
// AccessKeyId Identifies the shared access key to be used to presign the request.
AccessKeyID string `json:"accessKeyId," default:"" role:"normal" writeonly:""`
// AuthenticationType Specifies what type of AWS authentication to use.
// query: Provide authentication information using query string parameters. Using query parameters to authenticate requests is
// useful when you want to express a request entirely in a URL. This method is also referred as presigning a URL.
// header: Use the HTTP Authorization header.
// The query and header algorithms are identical except that the expireTimeSeconds policy only is applicable to the query authentication type.
AuthenticationType string `json:"authenticationType,omitempty" default:"query" role:"normal" writeonly:"" enum:"[query,header]"`
// HeaderFilter Header Filter is used to determine if this type should be applied or not based on Expression Provide. Expressions are match against request headers.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included. Please note that you should not mix include and exclude patterns in the same list.
// headerFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: /dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard: User-Agent: Mozilla* - will match User-Agent: Mozilla/Firefox 6.0 or Mozilla 8.0).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:User-Agent: Mozilla* - will match Mozilla 6.0. Won't match Mozilla/Firefox 6.0)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/User-Agent:.*(iphone|android).*/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
// WARNING: Header Filter might not work for originPullPolicy unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
// WARNING: Header Filter might not work for originRequestQueue unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
// WARNING: Header Filter might not work for OriginResponseQueue unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"normal" writeonly:"" list:"GLOB"`
// MethodFilter Method Filter is used to determine if this type should be applied or not based on List of HTTP Methods provided
// Optionally, you may use an exclamation point in the list to describe the subset of HTTP methods excluded from this policy and all
// other requests method will be included.
// WARNING: You should not mix include and exclude in the same list.
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"normal" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: /dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:/DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"normal" writeonly:"" list:"GLOB"`
// PopFilter POP filter is list of pattern to match POPs where Policy needs to applied.
// Optionally, you may use an exclamation point in the list to describe the subset of POPs excluded from this policy.
// Use lower case or use '(?i)' prefix which indicates patterns are case insensitive.
// WARNING: You should not mix include and exclude in the same list.
PopFilter string `json:"popFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// RegionFilter Region filter is list of pattern to match Region where Policy needs to applied.
// Optionally, you may use an exclamation point in the list to describe the subset of Regions excluded from this policy.
// Use lower case or '(?i)' prefix which indicates patterns are case insensitive.
// WARNING: You should not mix include and exclude in the same list.
RegionFilter string `json:"regionFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// SignedHeaders List of additional headers to be used when calculating the signature.
// The headers "Host" and "x-amz-*" (customer AWS headers internall generated) are required and included by default.
// Headers not permitted and invalidate the policy if set are "user-agent" and "x-amzn-trace-id".
SignedHeaders string `json:"signedHeaders,omitempty" default:"" role:"normal" writeonly:"" list:"string"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// AwsService AWS service scope of the access key.
AwsService string `json:"awsService,omitempty" default:"s3" role:"normal" writeonly:""`
// BucketIdentifier Specify to scope this policy to a particular bucket. Note this value is directly coupled with the Host header, which is not always the origin hostname.
// See https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket, Buckets are accessed primarily through the Host header
// except when using SSL 'When you use virtual hosted–style buckets with Secure Sockets Layer (SSL), the SSL wildcard certificate only matches buckets that
// don't contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (".") in
// bucket names when using virtual hosted–style buckets.'
// Buckets are identified in one of three ways:
// 1) bucketname.s3.amazonaws.com
// 2) s3.amazonaws.com/bucketname
// 3) <custom.hostname>, such as www.myhost.com, where the host name is the bucketname
// To match an origin request to the correct policy, the CDN appends the path of the URL in the origin request to the value in the Host header of the request.
// The CDN checks if the constructed string "starts with" the value set in this policy. The key factor is that the Host header is used, which may not
// equal the origin hostname, such as the case a StaticHeader/OriginPull policy or proxying the Host header from a client request.
// Leaving this blank/unset indicates it is the default policy to use for all origin pulls when a specific AwsSignedOriginPullV4 policy has not been matched.
// If a default policy is used with one or more specific policies, the default needs to be listed last.
BucketIdentifier string `json:"bucketIdentifier,omitempty" default:"" role:"normal" writeonly:""`
// ExpireTimeSeconds Time period, in seconds, for which the generated presigned URL is valid.
// Note, this policy only is applicable to the 'query' authentication type (see awsSignedOriginPullV4/authenticationType).
ExpireTimeSeconds uint32 `json:"expireTimeSeconds,omitempty" default:"5" role:"normal" writeonly:""`
}
// AuthACL Enable access to content based on a customizable list of IP addresses.
// AllowedScope DIR
// DefaultPolicy null
type AuthACL struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// AccessCode Access code that indicates whether to allow or deny the IP access to the requested content.
AccessCode string `json:"accessCode," default:"" role:"normal" writeonly:"" enum:"[allow,deny]"`
// IpList The list of IP addresses (or CIDR blocks) to that apply to this policy. The IP addresses listed in this field will be allowed or denied based on the access directive provided in "Access Directive" field.
IPList string `json:"ipList," default:"" role:"normal" writeonly:"" list:"IP"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// Protocol Protocol for which this policy applies.
Protocol string `json:"protocol,omitempty" default:"both" role:"normal" writeonly:"" enum:"[http,https,both]"`
// ClientIPSrc <p>Source for the client IP to match against this policy. Valid values are:</p>
// <ul>
// <li><b>socket</b>: IP address from the client connection is used.</li>
// <li><b>header</b>: IP address from the specified header is used.</li>
// </ul>
ClientIPSrc string `json:"clientIPSrc,omitempty" default:"socket" role:"normal" writeonly:"" enum:"[socket,header]"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// Header Name of the http request header from which to obtain the client IP address when Client IP Source is set to header.
Header string `json:"header,omitempty" default:"" role:"normal" writeonly:""`
}
// AuthGeo Restrict access to content based on the geographic location of the end-user.
// AllowedScope DIR
// DefaultPolicy null
type AuthGeo struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Code The geographic code from MaxMind to apply.
Code string `json:"code," default:"" role:"normal" writeonly:"" enum:"[countryCode,region,subdivisionCodes,city,postalCode,continentCode,timeZone,dmaCode,areaCode]"`
// Values <p>Comma separated list of geographic codes for the region type selected. For an exclusion, use ! (exclamation). </p>
// <p>You should not use both inclusions and exclusions in this list. If you want to include the continent of Europe but exclude France, you must use two different types to express that. If a request matches any of the include rules (or if there are no include rules), and that client does not match any exclude rules, they will be granted access.</p>
Values string `json:"values," default:"" role:"normal" writeonly:"" list:"string"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
}
// AuthHTTPBasic Require authentication in the form of a username and password from within an HTTP user agent, or web browser.
// AllowedScope DIR
// DefaultPolicy null
type AuthHTTPBasic struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// BindingPoint <p>The URL to the authorization endpoint.</p>
// <p><em>HTTPS URLs are currently not supported by this policy.</em></p>
BindingPoint string `json:"bindingPoint," default:"" role:"normal" writeonly:""`
// Realm The name of the authentication realm given back to the user on requests which don't contain credentials. For HTTP Basic Authentication, this value is usually displayed to the user when they are prompted for their login information.
Realm string `json:"realm," default:"" role:"normal" writeonly:""`
// Ttl Session timeout that an edge uses to avoid making an auth binding point call for each HTTP request. When it successfully authenticates a user, it will ask the user agent to set a cookie containing an encrypted authentication token and the TTL for the token. Effectively, a given user should only be authenticated against the configured binding point once within the tokens TTL.
TTL uint32 `json:"ttl," default:"" role:"normal" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// ConnectCount The maximum number of connections an edge server will make to the authentication binding point. This is an integer value not to exceed 99.
ConnectCount uint32 `json:"connectCount,omitempty" default:"4096" role:"HWADMIN" writeonly:""`
}
// AuthReferer Restrict access to content based on a customizable list of websites or domains, or "referrers."
// AllowedScope DIR
// DefaultPolicy null
type AuthReferer struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Referer The list of domains authorized to access the content requested.
Referer string `json:"referer," default:"" role:"normal" writeonly:"" list:"GLOB"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
}
// AuthSignUrlsInPlaylist Automatically apply my URL Signing policy to URLs inside my HLS playlists.
// AllowedScope DIR
// DefaultPolicy null
type AuthSignUrlsInPlaylist struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// FilenamePatterns A list of glob pattern for files containing URL that needs to be signed.
FilenamePatterns string `json:"filenamePatterns," default:"" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// UseCookie When signing the playlist, put the token in Set-Cookie of the response instead of in the URL's inside the m3u8 file.
// NOTE: Currently, only the AKv2 signing is supported using Cookie, all other signing method will ignore this setting
UseCookie *bool `json:"useCookie,omitempty" default:"false" role:"HWADMIN" writeonly:""`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
// CookieName When Cookie Authentication is enabled to sign the playlist, this is the name of the Cookie to be used to store the token. If Cookie is not enabled, this will be the name of the query string parameter used to store the whole signing token. For using with the AKv2 signing, this name should be one of the following: hdnea, hdnts or hdntl.
// NOTE: Currently, only the AKv2 signing is supported using Cookie or storing the whole signing token inside a single QS param, all other signing method will ignore this setting
CookieName string `json:"cookieName,omitempty" default:"" role:"HWADMIN" writeonly:""`
// ExtendTTL Sign the URL in the playlist with a diffrent TTL n seconds from the time of master playlist request. No extending or re-signing by default when the value is set to 0 second.
// NOTE: Because of the nature of the short life and long life token, only the AKv2 algorithm supports this feature.
ExtendTTL uint32 `json:"extendTTL,omitempty" default:"0" role:"HWADMIN" writeonly:""`
}
// AuthURLSign Protect files from unauthorized access with an encrypted key.
// AllowedScope DIR
// DefaultPolicy null
type AuthURLSign struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// TokenField Query string parameter name which contains the URL's MD5 token signature.
TokenField string `json:"tokenField," default:"" role:"normal" writeonly:""`
// PassPhraseField The name of the query string parameter to use when constructing the URL to input into the md5 hash function.
PassPhraseField string `json:"passPhraseField," default:"" role:"normal" writeonly:""`
// PassPhrase The shared secret used when signing URLs.
PassPhrase string `json:"passPhrase," default:"" role:"normal" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// IgnoreFieldsAfterToken Ignore the fields after the Token field when verifying the URL signature. (Default: false)
IgnoreFieldsAfterToken *bool `json:"ignoreFieldsAfterToken,omitempty" default:"false" role:"normal" writeonly:""`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// IpAddressField <p>If present this will be a query string parameter containing an IP address of the client peer. The edge server will match the IP address in this query string parameter against the client requesting content for authorization.</p>
// <p><b>NOTE:</b> Only IPv4 address are supported.</p>
IPAddressField string `json:"ipAddressField,omitempty" default:"" role:"normal" writeonly:""`
// UriLengthField <p>If present this will restrict the number of bytes in the path to consider for URL signing. For example, if this value is 10 and the request is for http://mydomain.com/this/is/my/path/to/a/file?queryStringStuff, then the MD5 will be calculated using the first 10 bytes of the path and the query string:</p>
// <p>MD5("this/is/my?queryStringStuff")</p>
// <p>A length value of 0 means it will strip off the filename and use directory only (with trailing '/') plus the query string parameters.</p>
URILengthField string `json:"uriLengthField,omitempty" default:"" role:"normal" writeonly:""`
// UserAgentField If present this will restrict access based on the user agent. It is not required that that user agent be added to the field on the original request, just that the user agent parameter be present. The user agent will automatically be taken from the request header.
UserAgentField string `json:"userAgentField,omitempty" default:"" role:"normal" writeonly:""`
// ExpiresField The query string parameter which contains Unix epoch time after which this link is considered invalid.
ExpiresField string `json:"expiresField,omitempty" default:"" role:"normal" writeonly:""`
}
// AuthURLSignAliCloudA Ali Cloud Type-A URL Signing
// AllowedScope DIR
// DefaultPolicy null
type AuthURLSignAliCloudA struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// PassPhrase Specify the shared passphrase, or sequence of words or other text, to use when generating the signature when authenticating a request made to the CDN.
PassPhrase string `json:"passPhrase," default:"" role:"normal" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// IncludeParamsBeforeToken Set to true when query string parameters listed before the token should be included when generating the signature hash.
IncludeParamsBeforeToken *bool `json:"includeParamsBeforeToken,omitempty" default:"false" role:"normal" writeonly:""`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// TokenField Set to override the default name of the query string parameter that will be used by the publisher to specify the signature for the URL.
TokenField string `json:"tokenField,omitempty" default:"auth_key" role:"normal" writeonly:""`
// ExpirationExtension Number of seconds to add to the expiration time given in a request, which extends the life of the signature. This value does not affect the expiration value in the request nor does it affect the signature itself.
ExpirationExtension uint32 `json:"expirationExtension,omitempty" default:"0" role:"normal" writeonly:""`
}
// AuthURLSignAliCloudB Ali Cloud Type-B URL Signing
// AllowedScope PRODUCT
// DefaultPolicy null
type AuthURLSignAliCloudB struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// PassPhrase Specify the shared passphrase, or sequence of words or other text, to use when generating the signature when authenticating a request made to the CDN.
PassPhrase string `json:"passPhrase," default:"" role:"normal" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// ExpirationExtension Number of seconds to add to the expiration time given in a request, which extends the life of the signature. This value does not affect the expiration value in the request nor does it affect the signature itself.
ExpirationExtension uint32 `json:"expirationExtension,omitempty" default:"1800" role:"normal" writeonly:""`
}
// AuthURLSignAliCloudC Ali Cloud Type-C URL Signing
// AllowedScope PRODUCT
// DefaultPolicy null
type AuthURLSignAliCloudC struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// PassPhrase Specify the shared passphrase, or sequence of words or other text, to use when generating the signature when authenticating a request made to the CDN.
PassPhrase string `json:"passPhrase," default:"" role:"normal" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// TokenField Set to use query string parameter to specify signing signature instead of putting it in the path of the URL.
TokenField string `json:"tokenField,omitempty" default:"" role:"normal" writeonly:""`
// ExpireField Set to use query string parameter to specify the expire time instead of putting it in the path of the URL.
ExpireField string `json:"expireField,omitempty" default:"" role:"normal" writeonly:""`
// ExpirationExtension Number of seconds to add to the expiration time given in a request, which extends the life of the signature. This value does not affect the expiration value in the request nor does it affect the signature itself.
ExpirationExtension uint32 `json:"expirationExtension,omitempty" default:"1800" role:"normal" writeonly:""`
}
// AuthURLSignHmacTlu URL Signing HMAC TLU
// AllowedScope DIR
// DefaultPolicy null
type AuthURLSignHmacTlu struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// AlgorithmIdMap One or more key-value pairs, where the key is an ID and the value is a predetermined HMAC algorithm name maps. The ID is given in a signed URL and specifies which HMAC algorithm to use for authorization.
AlgorithmIDMap string `json:"algorithmIdMap," default:"" role:"normal" writeonly:"" hashMap:"string,enum[hmacsha1|hmacsha256]"`
// SymmetricKeyIdMap One or more key-value pairs, where the key is an ID and the value is shared symmetric key. The value can only printable ASCII characters and HTML encoded. The ID is given in a signed URL and specifies which symmetric key to use for authorization.
SymmetricKeyIDMap string `json:"symmetricKeyIdMap," default:"" role:"normal" writeonly:"1" hashMap:"string,string"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// AlgorithmIdParameterName Name of the query string parameter that contains the HMAC algorithm identifier for the signed URL.
AlgorithmIDParameterName string `json:"algorithmIdParameterName,omitempty" default:"P3" role:"normal" writeonly:""`
// DigestParameterName Name of the query string parameter that contains the HMAC digest (hash) for the signed URL.
DigestParameterName string `json:"digestParameterName,omitempty" default:"P4" role:"normal" writeonly:""`
// ExpireParameterName Name of the query string parameter that contains the expiration time for the signed URL.
ExpireParameterName string `json:"expireParameterName,omitempty" default:"P1" role:"normal" writeonly:""`
// KeyIdParameterName Name of the query string parameter that contains the shared symmetric key identifier for the signed URL.
KeyIDParameterName string `json:"keyIdParameterName,omitempty" default:"P2" role:"normal" writeonly:""`
}
// AuthURLSignIq The IQIYI signing policy allows you to restrict access to your content using various query parameters. Client requests to the CDN supply parameters that specifiy how to generate the secure token. Since the shared token and details of the algorithm are only known by the publisher and Stackpath, URL signatures cannot be generated by unauthorized users.
// WARNING: This needs to have a script set up in order to work properly.
// AllowedScope DIR
// DefaultPolicy null
type AuthURLSignIq struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// HeaderFilter Header Filter is used to determine if this type should be applied or not based on Expression Provide. Expressions are match against request headers.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included. Please note that you should not mix include and exclude patterns in the same list.
// headerFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: /dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard: User-Agent: Mozilla* - will match User-Agent: Mozilla/Firefox 6.0 or Mozilla 8.0).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:User-Agent: Mozilla* - will match Mozilla 6.0. Won't match Mozilla/Firefox 6.0)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/User-Agent:.*(iphone|android).*/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
// WARNING: Header Filter might not work for originPullPolicy unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
// WARNING: Header Filter might not work for originRequestQueue unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
// WARNING: Header Filter might not work for OriginResponseQueue unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// MethodFilter Method Filter is used to determine if this type should be applied or not based on List of HTTP Methods provided
// Optionally, you may use an exclamation point in the list to describe the subset of HTTP methods excluded from this policy and all
// other requests method will be included.
// WARNING: You should not mix include and exclude in the same list.
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: /dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:/DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// SecretKey Security token used for signing in IQIYI's unique URL signing method.
SecretKey string `json:"secretKey,omitempty" default:"" role:"normal" writeonly:""`
}
// AuthURLAsymmetricSignTlu The ASYMMETRIC Time Limited URL (TLU) signing policy allow you to restrict access to your content by by use of an expiration time and Asymmetric Key based signed alglorithm that utilizes RSA private/public keys. Client requests to the CDN supply IDs that specifiy the shared public key and specific algorithm to apply to validate the signature that is also supplied in the request. Since the private asymmetric key are only known by the publisher, URL signatures cannot be generated by unauthorized users.
// AllowedScope DIR
// DefaultPolicy null
type AuthURLAsymmetricSignTlu struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// AlgorithmIdMap One or more key-value pairs, where the key is an ID and the value is a predetermined HMAC algorithm name maps. The ID is given in a signed URL and specifies which HMAC algorithm to use for authorization.
AlgorithmIDMap string `json:"algorithmIdMap," default:"" role:"normal" writeonly:"" hashMap:"string,enum[hmacsha1|hmacsha256]"`
// PublicKeyIdMap One or more key-value pairs, where the key is an ID and the value is shared public key. The ID is given in a signed URL and specifies which asymmetric key to use for authorization. Key is expected to be in Modulus and Exponent format delimited by Pipe (|). Example: modulus: base64_value|exponent: base64_value
PublicKeyIDMap string `json:"publicKeyIdMap," default:"" role:"normal" writeonly:"1" hashMap:"string,string"`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"normal" writeonly:""`
// HeaderFilter Header Filter is used to determine if this type should be applied or not based on Expression Provide. Expressions are match against request headers.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included. Please note that you should not mix include and exclude patterns in the same list.
// headerFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: /dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard: User-Agent: Mozilla* - will match User-Agent: Mozilla/Firefox 6.0 or Mozilla 8.0).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:User-Agent: Mozilla* - will match Mozilla 6.0. Won't match Mozilla/Firefox 6.0)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/User-Agent:.*(iphone|android).*/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
// WARNING: Header Filter might not work for originPullPolicy unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
// WARNING: Header Filter might not work for originRequestQueue unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
// WARNING: Header Filter might not work for OriginResponseQueue unless if it is Dynamic Cache based on Header or if it is non-cacheable asset.
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// MethodFilter Method Filter is used to determine if this type should be applied or not based on List of HTTP Methods provided
// Optionally, you may use an exclamation point in the list to describe the subset of HTTP methods excluded from this policy and all
// other requests method will be included.
// WARNING: You should not mix include and exclude in the same list.
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: /dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:/DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"normal" writeonly:""`
// AlgorithmIdParameterName Name of the query string parameter that contains the HMAC algorithm identifier for the signed URL.
AlgorithmIDParameterName string `json:"algorithmIdParameterName,omitempty" default:"P3" role:"normal" writeonly:""`
// DigestParameterName Name of the query string parameter that contains the HMAC digest (hash) for the signed URL.
DigestParameterName string `json:"digestParameterName,omitempty" default:"P4" role:"normal" writeonly:""`
// ExpireParameterName Name of the query string parameter that contains the expiration time for the signed URL.
ExpireParameterName string `json:"expireParameterName,omitempty" default:"P1" role:"normal" writeonly:""`
// KeyIdParameterName Name of the query string parameter that contains the shared symmetric key identifier for the signed URL.
KeyIDParameterName string `json:"keyIdParameterName,omitempty" default:"P2" role:"normal" writeonly:""`
}
// AuthURLSignL3 The Level 3 URL Signing policy allows you to create a signed URL that implements the same signing method used by Level 3; therefore, published URLs from an Level 3 CDN network can be transitioned to the Highwinds network without you having to change your signing methods.
// AllowedScope DIR
// DefaultPolicy null
type AuthURLSignL3 struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// SharedSecretTable An ordered list of shared secrets. The order is CRITICAL and it MUST be identical to the ordered table used by the Client.
SharedSecretTable string `json:"sharedSecretTable," default:"" role:"HWADMIN" writeonly:"" list:"string"`
// TokenField This is the name of the query string parameter that will be used by the publisher to specify the signature for the URL.
TokenField string `json:"tokenField," default:"" role:"HWADMIN" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// IncludeProtocolAndHost Indicates whether or not to include both the Protocol and Host when calculating the signature.
IncludeProtocolAndHost *bool `json:"includeProtocolAndHost,omitempty" default:"false" role:"HWADMIN" writeonly:""`
// InjectClientIPAddress Indicates whether or not to include the Client's IP address when calculating the signature.
InjectClientIPAddress *bool `json:"injectClientIPAddress,omitempty" default:"false" role:"HWADMIN" writeonly:""`
// IncludeHostOnly Indicates whether or not to include the Host without the request Protocol when calculating the signature.
IncludeHostOnly *bool `json:"includeHostOnly,omitempty" default:"false" role:"HWADMIN" writeonly:""`
// TimeFormat Used to describe the format of expireField and startField. The CDN currently supports two formats.
// 1. epoch: An integer representing the number of seconds since January 1, 1970 on a UNIX/POSIX system.
// 2. datetime: A numerical representation of a date and time in GMT in the format yyyymmddHHMMSS.
TimeFormat string `json:"timeFormat,omitempty" default:"epoch" role:"HWADMIN" writeonly:"" enum:"[epoch,datetime]"`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// ExcludedParameters A list of patterns that are used to describe query string parameters that should be omitted from the hashing algorithm if contained in the URL. A asterisk '*' by itself indicates to exclude all query string parameters from the hashing algorithm. The tokenField is always excluded. On the other hand, the startField and/or expireField are always included in the hashing algorithm if present in the request even if listed here. Users may explicitly specify parameters to keep (not exclude) by preceding the glob with an exclamation "!". This may be useful if a User wants to exclude all query string parameters except one ore more known parameters. For example, a value of '*,!version' means exclude all parameters except "version".
ExcludedParameters string `json:"excludedParameters,omitempty" default:"" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
// ClientIPAddressField Provides the capability to rename the query string parameter that is used to inject the Client's IP address into the hashing algorithm. This configuration is only applicable when injectClientIPAddress is set to true.
ClientIPAddressField string `json:"clientIPAddressField,omitempty" default:"clientip" role:"HWADMIN" writeonly:""`
// StartField The name of the query string parameter that contains the start time when the request is considered valid.
StartField string `json:"startField,omitempty" default:"" role:"HWADMIN" writeonly:""`
// ExpireField This is the name of the query string parameter that contains the time after which the URL is considered invalid. If defined, requests must contain the parameter, and its value must be in the future.
ExpireField string `json:"expireField,omitempty" default:"" role:"HWADMIN" writeonly:""`
}
// AuthURLSignAKv1 The Akamai URL Signing v1 policy allows you to create a signed URL that implements the same signing method used by Akamai; therefore, published URLs from an Akamai CDN network can be transitioned to the Highwinds network without you having to change your signing methods.
// AllowedScope DIR
// DefaultPolicy null
type AuthURLSignAKv1 struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// Salt The salt is used as a shared secret in the signing process. This value should only be known by Highwinds and by systems authorized to sign your content.
Salt string `json:"salt," default:"" role:"HWADMIN" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// MethodFilter
MethodFilter string `json:"methodFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// HeaderFilter
HeaderFilter string `json:"headerFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// PathFilter Path Filter is used to determine if this type should be applied or not based on Expression Provide.
// This is a list of patterns that are used to describe a subset of requests that are included (or optionally excluded) by this policy. By default the
// patterns you add to this list are interpreted as described in the subset of requests included in this policy and all others will be ignored.
// Optionally, you may use an exclamation point on each element in the list to describe the subset of requests excluded from this policy and all
// other requests will be included.
// Expression can either be used as Path Filter or URL Filter. If expression starts with [protocol]:// it is consider as URL Filter. In URL filter along with Path Match
// it also supports Protocol and Host Name match.
// pathFilter support three types of Match - Wildcard Match, Glob Match, Regex Match. Filter expression should start with Match Type (Ex: wildcard: /dir/*.html or glob: dir/*.html).
// Wildcard match - '*' will match all characters including '/'. (Ex: wildcard:/DIR/*.html - will match any HTML file under DIR or any Sub-directory under DIR. Will match DIR/FOO/index.html).
// Glob match - Its Path("/") Match. '*' will match all characters except '/'. (Ex: glob:DIR/*.html - will match all HTML file under DIR and not HTML file under sub directory of DIR. Won't match DIR/FOO/index.html)
// Regex match, it will use RE2 rules for regular expression match (RE2 Syntax: https://github.com/google/re2/wiki/Syntax). Expression should be sorruned by "/" (Ex: regex:/.*DIR/\d/.*file.txt/,/EXP/).
// WARNING: You should not mix include and exclude patterns in the same list.
PathFilter string `json:"pathFilter,omitempty" default:"*" role:"HWADMIN" writeonly:"" list:"GLOB"`
// Comment Explain to other users why you are making this change
Comment string `json:"comment,omitempty" default:"" role:"HWADMIN" writeonly:""`
// Param The authentication parameter defines the query string parameter in the request URL that contains the authentication information.
Param string `json:"param,omitempty" default:"__gda__" role:"HWADMIN" writeonly:""`
// Extract This indicates a component to extract from the request. If specified, it must exist in the request to pass authentication. If present in the request, its value is used to generate the authorization hash. The format is componentType:componentName. Currently, the only supported componentType is "header".
Extract string `json:"extract,omitempty" default:"" role:"HWADMIN" writeonly:""`
}
// AuthURLSignAKv2 The Akamai URL Signing v2 policy allows you to create a signed URL that implements the same signing method used by Akamai; therefore, published URLs from an Akamai CDN network can be transitioned to the Highwinds network without you having to change your signing methods.
// AllowedScope DIR
// DefaultPolicy null
type AuthURLSignAKv2 struct {
// ID configurationID, used when update configuration
ID int64 `json:"id,omitempty"`
// PassPhrase This is the shared secret used to sign the URL. This value must be set to a hexadecimal value padded to a byte boundary. This value should only be known by Highwinds and by personnel authorized to sign your content.
PassPhrase string `json:"passPhrase," default:"" role:"HWADMIN" writeonly:""`
// MatchURL Add the path portion of the URL (e.g., /path/to/file.txt) into the token before hashing.
MatchURL *bool `json:"matchURL," default:"1" role:"HWADMIN" writeonly:""`
// Enabled Generic Enabled Flag for all Config Types
Enabled *bool `json:"enabled," default:"1" role:"HWADMIN" writeonly:""`
// EnableACLWildcard This allows you to enable the use of wildcard matches in your ACL list.
EnableACLWildcard *bool `json:"enableACLWildcard," default:"1" role:"HWADMIN" writeonly:""`
// AclDelimiter This is the delimiter used to separate the IP addresses in the ACL list.
ACLDelimiter string `json:"aclDelimiter,omitempty" default:"!" role:"HWADMIN" writeonly:"" advancedType:"char"`
// FieldDelimiter This is the field delimiter used to separate the parts of your token.
FieldDelimiter string `json:"fieldDelimiter,omitempty" default:"~" role:"HWADMIN" writeonly:"" advancedType:"char"`