From 16e4410a6bc84fcddd8b0ac45833caf5804bc1a5 Mon Sep 17 00:00:00 2001 From: panic Date: Sat, 28 Dec 2024 15:20:31 +0300 Subject: [PATCH] Update CDN resource docs --- docs/resources/cdn_resource.md | 37 +++++++++++++++--- .../cdn/resources/vkcs_cdn_resource.md.tmpl | 39 ++++++++++++++++--- 2 files changed, 65 insertions(+), 11 deletions(-) diff --git a/docs/resources/cdn_resource.md b/docs/resources/cdn_resource.md index 3751a5a0..24ee3925 100644 --- a/docs/resources/cdn_resource.md +++ b/docs/resources/cdn_resource.md @@ -195,12 +195,39 @@ In addition to all arguments above, the following attributes are exported: -## Notes +## Using a Let's Encrypt certificate -### Specifying an ACL option -All ACL (Access Control List) options follow the same structure, and its meaning depends on `policy_type` value. When `policy_type` -is "allow", it means that CDN will allow access for all possible values of ACL subject except for those specified in `excepted_values` argument, and when `policy_type` is -"deny", CDN will deny access for all values of ACL subject except for values listed in `excepted_values` argument. +To issue a free [Let's Encrypt](https://letsencrypt.org/) certificate, specify "lets_encrypt" as +the value for `ssl_certificate.type` argument. The certificate will be issued after the CDN +resource is established, once the origin servers are available and DNS changes involving the +CNAME records for personal domains have propagated. + +~> **Note:** The option is only available for an active CDN resource, to achieve this, set the +value of `active` argument to "true". + +## Configuring ACLs + +To enhance security, you can specify Access Control Lists (ACLs) options. All of the follow the +same principles: when `policy_type` is "allow", it means that CDN server will allow access for all +possible values of ACL subject except for those specified in `excepted_values` argument, and when +`policy_type` is "deny", CDN will deny access with the same logic for excepted values. + +### Example Configuration + +For example, to protect content from unauthorized access from certain countries, you could use +`country_acl` option: + +```hcl +resource "vkcs_cdn_resource" "resource" { + ... + options = { + country_acl = { + policy_type = "allow" + excepted_values = ["GB", "DE"] + } + } + ... +} ## Import diff --git a/templates/cdn/resources/vkcs_cdn_resource.md.tmpl b/templates/cdn/resources/vkcs_cdn_resource.md.tmpl index 97ffe060..0823965f 100644 --- a/templates/cdn/resources/vkcs_cdn_resource.md.tmpl +++ b/templates/cdn/resources/vkcs_cdn_resource.md.tmpl @@ -15,12 +15,39 @@ description: |- {{ .SchemaMarkdown }} -## Notes - -### Specifying an ACL option -All ACL (Access Control List) options follow the same structure, and its meaning depends on `policy_type` value. When `policy_type` -is "allow", it means that CDN will allow access for all possible values of ACL subject except for those specified in `excepted_values` argument, and when `policy_type` is -"deny", CDN will deny access for all values of ACL subject except for values listed in `excepted_values` argument. +## Using a Let's Encrypt certificate + +To issue a free [Let's Encrypt](https://letsencrypt.org/) certificate, specify "lets_encrypt" as +the value for `ssl_certificate.type` argument. The certificate will be issued after the CDN +resource is established, once the origin servers are available and DNS changes involving the +CNAME records for personal domains have propagated. + +~> **Note:** The option is only available for an active CDN resource, to achieve this, set the +value of `active` argument to "true". + +## Configuring ACLs + +To enhance security, you can specify Access Control Lists (ACLs) options. All of the follow the +same principles: when `policy_type` is "allow", it means that CDN server will allow access for all +possible values of ACL subject except for those specified in `excepted_values` argument, and when +`policy_type` is "deny", CDN will deny access with the same logic for excepted values. + +### Example Configuration + +For example, to protect content from unauthorized access from certain countries, you could use +`country_acl` option: + +```hcl +resource "vkcs_cdn_resource" "resource" { + ... + options = { + country_acl = { + policy_type = "allow" + excepted_values = ["GB", "DE"] + } + } + ... +} ## Import